Wpmet

Metform Elementor Contact Form Builder

23 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2023-50903

  • EPSS 0.22%
  • Veröffentlicht 09.12.2024 13:15:39
  • Zuletzt bearbeitet 01.03.2025 02:43:43

Missing Authorization vulnerability in Wpmet Metform Elementor Contact Form Builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Metform Elementor Contact Form Builder: from n/a through 3.4.0.

9.8

CVE-2023-0714

  • EPSS 10.75%
  • Veröffentlicht 17.08.2024 10:15:06
  • Zuletzt bearbeitet 23.04.2025 17:30:05

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Arbitrary File Upload due to insufficient file type validation in versions up to, and including, 3.2.4. This allows unauthenticated visitors to perform a "double extension" att...

7.5

CVE-2024-4266

  • EPSS 1.36%
  • Veröffentlicht 11.06.2024 08:15:50
  • Zuletzt bearbeitet 26.02.2025 20:58:40

The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.8.8 via the 'handle_file' function. This can allow unauthenticated ...

8.8

CVE-2024-33570

  • EPSS 0.34%
  • Veröffentlicht 06.05.2024 20:15:11
  • Zuletzt bearbeitet 20.02.2025 20:04:28

Missing Authorization vulnerability in Wpmet Metform Elementor Contact Form Builder.This issue affects Metform Elementor Contact Form Builder: from n/a through 3.8.3.

5.4

CVE-2024-2791

  • EPSS 0.19%
  • Veröffentlicht 02.04.2024 06:15:15
  • Zuletzt bearbeitet 27.02.2025 17:58:20

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 3.8.5 due to insufficient input sanitization and output escaping on user suppl...

5.4

CVE-2024-1585

  • EPSS 0.17%
  • Veröffentlicht 13.03.2024 16:15:24
  • Zuletzt bearbeitet 05.03.2025 18:24:35

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.8.3 due to insufficient input sanitization and output escaping on user ...

5.4

CVE-2023-6788

  • EPSS 0.12%
  • Veröffentlicht 09.01.2024 04:15:07
  • Zuletzt bearbeitet 21.11.2024 08:44:33

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.1. This is due to missing or incorrect nonce validation on the contents function. This makes it poss...

4.3

CVE-2023-0689

  • EPSS 0.13%
  • Veröffentlicht 31.08.2023 06:15:08
  • Zuletzt bearbeitet 21.11.2024 07:37:37

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_first_name' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or abo...

4.3

CVE-2023-2517

  • EPSS 0.05%
  • Veröffentlicht 12.07.2023 05:15:09
  • Zuletzt bearbeitet 21.11.2024 07:58:45

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.3.2. This is due to missing or incorrect nonce validation on the permalink_setup function. This makes it p...

5.3

CVE-2023-1843

  • EPSS 0.09%
  • Veröffentlicht 09.06.2023 06:15:58
  • Zuletzt bearbeitet 21.11.2024 07:40:00

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to unauthorized permalink structure update due to a missing capability check on the permalink_setup function in versions up to, and including, 3.3.0. This makes it possible...