Описание
The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about any standard form field of any form submission.
Ссылки
- Patch
- Patch
- Third Party Advisory
- Patch
- Patch
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.3.1 (включая)
cpe:2.3:a:wpmet:metform_elementor_contact_form_builder:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 47%
0.00241
Низкий
6.5 Medium
CVSS3
4.3 Medium
CVSS3
Дефекты
Связанные уязвимости
CVSS3: 6.5
github
больше 2 лет назад
The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about any standard form field of any form submission.
EPSS
Процентиль: 47%
0.00241
Низкий
6.5 Medium
CVSS3
4.3 Medium
CVSS3