Stored Cross-Site Scripting Vulnerability in Metform Elementor Contact Form Builder Plugin for WordPress
CVE-2023-0084
Key Information:
- Vendor
Wordpress
- Vendor
- CVE Published:
- 2 March 2023
What is CVE-2023-0084?
The Metform Elementor Contact Form Builder plugin for WordPress is prone to a Stored Cross-Site Scripting vulnerability due to inadequate sanitization and escaping of user input. This security flaw affects versions up to 3.1.2 and allows attackers, without authentication, to inject arbitrary scripts into form text areas. These scripts execute in the browsers of users visiting the compromised submissions page, potentially leading to data theft and session hijacking.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Metform Elementor Contact Form Builder β Flexible and Design-Friendly Contact Form builder plugin for WordPress * <= 3.1.2
References
EPSS Score
29% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved