Information Disclosure Vulnerability in Metform Elementor Contact Form Builder for WordPress
CVE-2023-0689
4.3MEDIUM
Key Information:
- Vendor
Wordpress
- Vendor
- CVE Published:
- 31 August 2023
What is CVE-2023-0689?
The Metform Elementor Contact Form Builder for WordPress is susceptible to an information disclosure vulnerability due to the use of the 'mf_first_name' shortcode. Authenticated users with subscriber-level access or higher can exploit this issue to access sensitive information from arbitrary form submissions, including the submitter's first name. This vulnerability highlights the importance of securing form data and implementing adequate user permissions to prevent unauthorized information access.
Affected Version(s)
Metform Elementor Contact Form Builder * <= 3.3.1