PT-2023-16000 · WordPress · Metform Elementor Contact Form Builder

Mohammed El Amin

Publicado

2023-03-02

Atualizado

2023-03-10

CVE-2023-0085

CVSS v3.1

5.3

Média

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions Metform Elementor Contact Form Builder plugin for WordPress versions up to, and including, 3.2.1

Description The issue is related to insufficient server-side checking of the captcha value submitted during form submission, allowing unauthenticated attackers to bypass Captcha restrictions. This enables attackers to utilize bots to submit forms.

Recommendations For versions up to, and including, 3.2.1, update to a version higher than 3.2.1 to resolve the issue.

Correção

Protection Mechanism Failure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-693

Identificadores relacionados

CVE-2023-0085

Produtos afetados

Metform Elementor Contact Form Builder

PT-2023-16000 · WordPress · Metform Elementor Contact Form Builder

CVE-2023-0085

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6