Vulnerabilities > Wpmet > Metform Elementor Contact Form Builder > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-01-09 CVE-2023-6788 Cross-Site Request Forgery (CSRF) vulnerability in Wpmet Metform Elementor Contact Form Builder
The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.1.
network
low complexity
wpmet CWE-352
5.4
2023-08-31 CVE-2023-0689 Unspecified vulnerability in Wpmet Metform Elementor Contact Form Builder
The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_first_name' shortcode in versions up to, and including, 3.3.1.
network
low complexity
wpmet
4.3
2023-07-12 CVE-2023-2517 Unspecified vulnerability in Wpmet Metform Elementor Contact Form Builder
The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.3.2.
network
low complexity
wpmet
4.3
2023-06-09 CVE-2023-0688 Unspecified vulnerability in Wpmet Metform Elementor Contact Form Builder
The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_thankyou' shortcode in versions up to, and including, 3.3.1.
network
low complexity
wpmet
6.5
2023-06-09 CVE-2023-0691 Unspecified vulnerability in Wpmet Metform Elementor Contact Form Builder
The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_last_name' shortcode in versions up to, and including, 3.3.1.
network
low complexity
wpmet
4.3
2023-06-09 CVE-2023-0692 Unspecified vulnerability in Wpmet Metform Elementor Contact Form Builder
The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_payment_status' shortcode in versions up to, and including, 3.3.1.
network
low complexity
wpmet
4.3
2023-06-09 CVE-2023-0693 Unspecified vulnerability in Wpmet Metform Elementor Contact Form Builder
The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_transaction_id' shortcode in versions up to, and including, 3.3.1.
network
low complexity
wpmet
4.3
2023-06-09 CVE-2023-0694 Unspecified vulnerability in Wpmet Metform Elementor Contact Form Builder
The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf' shortcode in versions up to, and including, 3.3.1.
network
low complexity
wpmet
4.3
2023-06-09 CVE-2023-0695 Cross-site Scripting vulnerability in Wpmet Metform Elementor Contact Form Builder
The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'mf' shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0.
network
low complexity
wpmet CWE-79
5.4
2023-06-09 CVE-2023-0708 Unspecified vulnerability in Wpmet Metform Elementor Contact Form Builder
The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'mf_first_name' shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0.
network
low complexity
wpmet
5.4