Wpmet Metform_elementor_contact_form_builder

23 CVEs affecting Wpmet Metform_elementor_contact_form_builder. Latest disclosed: 2024-12-09. Critical: 0, High: 4.

Top CVEs affecting Wpmet Metform_elementor_contact_form_builder
CVESeverityScorePublishedSummary
CVE-2023-0721High8.32023-06-09The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to CSV injection in versions up to, and including, 3.3.0. This allows unauthentic…
CVE-2023-0714High8.12024-08-17The Metform Elementor Contact Form Builder for WordPress is vulnerable to Arbitrary File Upload due to insufficient file type validation in versions up to, and…
CVE-2022-1442High7.52022-05-10The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the ~/core/forms/action.php file which can be…
CVE-2023-0084High7.22023-03-02The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via text areas on forms in versions up to, and inc…
CVE-2023-1843Medium6.52023-06-09The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to unauthorized permalink structure update due to a missing capability check on t…
CVE-2023-0694Medium6.52023-06-09The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf' shortcode in versions up to, and including, 3.3.1…
CVE-2023-0693Medium6.52023-06-09The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_transaction_id' shortcode in versions up to, and i…
CVE-2023-0688Medium6.52023-06-09The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_thankyou' shortcode in versions up to, and includi…
CVE-2024-2791Medium6.42024-04-02The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, an…
CVE-2024-1585Medium6.42024-03-13The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up t…
CVE-2023-6788Medium5.42024-01-09The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.1. This i…
CVE-2023-2517Medium5.42023-07-12The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.3.2. This is du…
CVE-2023-0709Medium5.42023-06-09The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'mf_last_name' shortcode to echo unescaped form sub…
CVE-2023-0708Medium5.42023-06-09The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'mf_first_name' shortcode to echo unescaped form su…
CVE-2023-0695Medium5.42023-06-09The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'mf' shortcode to echo unescaped form submissions i…
CVE-2023-50903Medium5.32024-12-09Missing Authorization vulnerability in Roxnor Metform metform allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Metfor…
CVE-2024-4266Medium5.32024-06-11The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions…
CVE-2023-0085Medium5.32023-03-02The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to reCaptcha Bypass in versions up to, and including, 3.2.1. This is due to insuf…
CVE-2023-0710Medium4.92023-06-09The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'fname' attribute of the 'mf_thankyou' shortcode to…
CVE-2024-33570Medium4.32024-05-06Missing Authorization vulnerability in Roxnor Metform metform.This issue affects Metform: from n/a through <= 3.8.3.