Filtered by vendor Wpmet
Subscribe
Total
23 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-1442 | 1 Wpmet | 1 Metform Elementor Contact Form Builder | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the ~/core/forms/action.php file which can be exploited by an unauthenticated attacker to view all API keys and secrets of integrated third-party APIs like that of PayPal, Stripe, Mailchimp, Hubspot, HelpScout, reCAPTCHA and many more, in versions up to and including 2.1.3. | |||||
CVE-2022-0788 | 1 Wpmet | 1 Wp Fundraising Donation And Crowdfunding Platform | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
The WP Fundraising Donation and Crowdfunding Platform WordPress plugin before 1.5.0 does not sanitise and escape a parameter before using it in a SQL statement via one of it's REST route, leading to an SQL injection exploitable by unauthenticated users | |||||
CVE-2021-24258 | 1 Wpmet | 1 Elements Kit Elementor Addons | 2024-02-04 | 4.0 MEDIUM | 5.4 MEDIUM |
The Elements Kit Lite and Elements Kit Pro WordPress Plugins before 2.2.0 have a number of widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. |