CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-0714 – Metform Elementor Contact Form Builder <= 3.2.4 - Unauthenticated Double-Extension Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2023-0714
The Metform Elementor Contact Form Builder for WordPress is vulnerable to Arbitrary File Upload due to insufficient file type validation in versions up to, and including, 3.2.4. This allows unauthenticated visitors to perform a "double extension" attack and upload files containing a malicious extension but ending with a benign extension, which may make remote code execution possible in some configurations. • https://plugins.trac.wordpress.org/browser/metform/trunk/core/entries/file-data-validation.php?rev=2746287 https://plugins.trac.wordpress.org/changeset/2896914 https://www.wordfence.com/threat-intel/vulnerabilities/id/697ce433-f321-4977-a2ad-68369d9ce9c3?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4266 – MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor <= 3.8.8 - Unauthenticated Sensitive Information Exposure
https://notcve.org/view.php?id=CVE-2024-4266
The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.8.8 via the 'handle_file' function. This can allow unauthenticated attackers to extract sensitive data, such as Personally Identifiable Information, from files uploaded by users. El complemento MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor para WordPress es vulnerable a la exposición de información confidencial en versiones hasta la 3.8.8 incluida a través de la función 'handle_file'. Esto puede permitir a atacantes no autenticados extraer datos confidenciales, como información de identificación personal, de archivos cargados por los usuarios. • https://plugins.trac.wordpress.org/browser/metform/trunk/core/entries/action.php#L1019 https://plugins.trac.wordpress.org/changeset/3099977 https://www.wordfence.com/threat-intel/vulnerabilities/id/8edb72f5-dda3-4c59-ba7a-7a460cb59c03?source=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-2791 – Metform Elementor Contact Form Builder <= 3.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widgets
https://notcve.org/view.php?id=CVE-2024-2791
The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 3.8.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. El complemento Metform Elementor Contact Form Builder para WordPress es vulnerable a cross-site scripting almacenado a través de los widgets del complemento en todas las versiones hasta la 3.8.5 incluida debido a una limpieza de entrada y a un escape de salida en los atributos proporcionados por el usuario insuficientes. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitrarios en páginas que se ejecutarán cada vez que un usuario acceda a una página inyectada. • https://plugins.trac.wordpress.org/changeset/3061715/metform/trunk/widgets/file-upload/file-upload.php https://www.wordfence.com/threat-intel/vulnerabilities/id/0dad759d-9b44-47ca-8410-e39f65dc919c?source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •