Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Wpmet Subscribe

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-6788 1 Wpmet 1 Metform Elementor Contact Form Builder 2024-01-11 N/A 5.4 MEDIUM
The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.1. This is due to missing or incorrect nonce validation on the contents function. This makes it possible for unauthenticated attackers to update the options "mf_hubsopt_token", "mf_hubsopt_refresh_token", "mf_hubsopt_token_type", and "mf_hubsopt_expires_in" via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This would allow an attacker to connect their own Hubspot account to a victim site's metform to obtain leads and contacts.
CVE-2023-28987 1 Wpmet 1 Wp Ultimate Review 2023-11-16 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Wpmet Wp Ultimate Review pluginĀ <= 2.0.3 versions.
CVE-2022-0788 1 Wpmet 1 Wp Fundraising Donation And Crowdfunding Platform 2022-07-11 7.5 HIGH 9.8 CRITICAL
The WP Fundraising Donation and Crowdfunding Platform WordPress plugin before 1.5.0 does not sanitise and escape a parameter before using it in a SQL statement via one of it's REST route, leading to an SQL injection exploitable by unauthenticated users
CVE-2022-1442 1 Wpmet 1 Metform Elementor Contact Form Builder 2022-05-18 5.0 MEDIUM 7.5 HIGH
The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the ~/core/forms/action.php file which can be exploited by an unauthenticated attacker to view all API keys and secrets of integrated third-party APIs like that of PayPal, Stripe, Mailchimp, Hubspot, HelpScout, reCAPTCHA and many more, in versions up to and including 2.1.3.
CVE-2021-24258 1 Wpmet 1 Elements Kit Elementor Addons 2021-05-11 4.0 MEDIUM 5.4 MEDIUM
The Elements Kit Lite and Elements Kit Pro WordPress Plugins before 2.2.0 have a number of widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.