Wpmet

Metform Elementor Contact Form Builder

23 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2023-50903

  • EPSS 0.22%
  • Published 09.12.2024 13:15:39
  • Last modified 01.03.2025 02:43:43

Missing Authorization vulnerability in Wpmet Metform Elementor Contact Form Builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Metform Elementor Contact Form Builder: from n/a through 3.4.0.

9.8

CVE-2023-0714

  • EPSS 10.75%
  • Published 17.08.2024 10:15:06
  • Last modified 23.04.2025 17:30:05

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Arbitrary File Upload due to insufficient file type validation in versions up to, and including, 3.2.4. This allows unauthenticated visitors to perform a "double extension" att...

7.5

CVE-2024-4266

  • EPSS 1.01%
  • Published 11.06.2024 08:15:50
  • Last modified 26.02.2025 20:58:40

The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.8.8 via the 'handle_file' function. This can allow unauthenticated ...

8.8

CVE-2024-33570

  • EPSS 0.34%
  • Published 06.05.2024 20:15:11
  • Last modified 20.02.2025 20:04:28

Missing Authorization vulnerability in Wpmet Metform Elementor Contact Form Builder.This issue affects Metform Elementor Contact Form Builder: from n/a through 3.8.3.

5.4

CVE-2024-2791

  • EPSS 0.19%
  • Published 02.04.2024 06:15:15
  • Last modified 27.02.2025 17:58:20

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 3.8.5 due to insufficient input sanitization and output escaping on user suppl...

5.4

CVE-2024-1585

  • EPSS 0.17%
  • Published 13.03.2024 16:15:24
  • Last modified 05.03.2025 18:24:35

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.8.3 due to insufficient input sanitization and output escaping on user ...

5.4

CVE-2023-6788

  • EPSS 0.09%
  • Published 09.01.2024 04:15:07
  • Last modified 21.11.2024 08:44:33

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.1. This is due to missing or incorrect nonce validation on the contents function. This makes it poss...

4.3

CVE-2023-0689

  • EPSS 0.13%
  • Published 31.08.2023 06:15:08
  • Last modified 21.11.2024 07:37:37

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_first_name' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or abo...

4.3

CVE-2023-2517

  • EPSS 0.05%
  • Published 12.07.2023 05:15:09
  • Last modified 21.11.2024 07:58:45

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.3.2. This is due to missing or incorrect nonce validation on the permalink_setup function. This makes it p...

5.3

CVE-2023-1843

  • EPSS 0.09%
  • Published 09.06.2023 06:15:58
  • Last modified 21.11.2024 07:40:00

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to unauthorized permalink structure update due to a missing capability check on the permalink_setup function in versions up to, and including, 3.3.0. This makes it possible...