CVE-2023-0692 in Metform Elementor Contact Form Builder Pluginthông tin

Tóm tắt

Bởi MITRE • 09/06/2023

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_payment_status' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about the payment status of arbitrary form submissions.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

chịu trách nhiệm

Wordfence

Đặt trước

06/02/2023

Tiết lộ

09/06/2023

Kiểm duyệt

được chấp nhận

EPSS

0.00603

KEV

không

Các hoạt động

rất thấp

Nguồn

Want to know what is going to be exploited?

We predict KEV entries!