High-Severity XSS Vulnerability in Metform Elementor Contact Form Builder

High-Severity XSS Vulnerability in Metform Elementor Contact Form Builder

On January 4, 2023, independent security researcher Mohammed Chemouri reached out to the Wordfence Vulnerability Disclosure program to responsibly disclose and request a CVE ID for a vulnerability in Metform Elementor Contact Form Builder, a WordPress plugin with over 100,000 installations.

The vulnerability, an unauthenticated stored cross-site scripting vulnerability, is arguably the most dangerous variant of cross-site scripting as it provides the easiest path to site takeover, and has been assigned an identifier of CVE-2023-0084.

[lees verder bij Wordfence]

06-02-2023 Deel
Deze website is gemaakt met Websitemachine.nl