CVE-2023-0694

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about any standard form field of any form submission.
Configurations

Configuration 1 (hide)

cpe:2.3:a:wpmet:metform_elementor_contact_form_builder:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 07:37

Type Values Removed Values Added
References () https://plugins.trac.wordpress.org/browser/metform/trunk/base/shortcode.php?rev=2845078 - Patch () https://plugins.trac.wordpress.org/browser/metform/trunk/base/shortcode.php?rev=2845078 - Patch
References () https://plugins.trac.wordpress.org/changeset/2910040/ - Patch () https://plugins.trac.wordpress.org/changeset/2910040/ - Patch
References () https://www.wordfence.com/threat-intel/vulnerabilities/id/1a8b194c-371f-4adc-98fa-8f4e47a38ee7?source=cve - Third Party Advisory () https://www.wordfence.com/threat-intel/vulnerabilities/id/1a8b194c-371f-4adc-98fa-8f4e47a38ee7?source=cve - Third Party Advisory
CVSS v2 : unknown
v3 : 4.3
v2 : unknown
v3 : 6.5

14 Jun 2023, 20:16

Type Values Removed Values Added
CPE cpe:2.3:a:wpmet:metform_elementor_contact_form_builder:*:*:*:*:*:wordpress:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 4.3
References (MISC) https://plugins.trac.wordpress.org/changeset/2910040/ - (MISC) https://plugins.trac.wordpress.org/changeset/2910040/ - Patch
References (MISC) https://plugins.trac.wordpress.org/browser/metform/trunk/base/shortcode.php?rev=2845078 - (MISC) https://plugins.trac.wordpress.org/browser/metform/trunk/base/shortcode.php?rev=2845078 - Patch
References (MISC) https://www.wordfence.com/threat-intel/vulnerabilities/id/1a8b194c-371f-4adc-98fa-8f4e47a38ee7?source=cve - (MISC) https://www.wordfence.com/threat-intel/vulnerabilities/id/1a8b194c-371f-4adc-98fa-8f4e47a38ee7?source=cve - Third Party Advisory

09 Jun 2023, 06:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-06-09 06:15

Updated : 2024-11-21 07:37


NVD link : CVE-2023-0694

Mitre link : CVE-2023-0694

CVE.ORG link : CVE-2023-0694


JSON object : View

Products Affected

wpmet

  • metform_elementor_contact_form_builder
CWE

No CWE.