The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to reCaptcha Bypass in versions up to, and including, 3.2.1. This is due to insufficient server side checking on the captcha value submitted during a form submission. This makes it possible for unauthenticated attackers to bypass Captcha restrictions and for attackers to utilize bots to submit forms.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 07:36
Type | Values Removed | Values Added |
---|---|---|
References | () https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2868889%40metform&new=2868889%40metform&sfp_email=&sfph_mail= - Patch | |
References | () https://wordpress.org/plugins/metform/ - Product | |
References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/69527d4b-49b6-47cd-93b6-39350f881ec9 - Third Party Advisory |
10 Mar 2023, 04:59
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2868889%40metform&new=2868889%40metform&sfp_email=&sfph_mail= - Patch | |
References | (MISC) https://wordpress.org/plugins/metform/ - Product | |
References | (MISC) https://www.wordfence.com/threat-intel/vulnerabilities/id/69527d4b-49b6-47cd-93b6-39350f881ec9 - Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
CPE | cpe:2.3:a:wpmet:metform_elementor_contact_form_builder:*:*:*:*:*:wordpress:*:* |
02 Mar 2023, 18:22
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-03-02 17:15
Updated : 2024-11-21 07:36
NVD link : CVE-2023-0085
Mitre link : CVE-2023-0085
CVE.ORG link : CVE-2023-0085
JSON object : View
Products Affected
wpmet
- metform_elementor_contact_form_builder
CWE
No CWE.