CVE-2023-0084

WordPress uchun Metform Elementor Contact Form Builder plagini kirish sanitarizatsiyasi yetarli emasligi va chiqishdan qochib ketganligi sababli 3.1.2 ga qadar va shu jumladan, versiyalardagi shakllardagi matn maydonlari orqali saytlararo saqlangan skriptlarga nisbatan zaifdir. Bu autentifikatsiya qilinmagan buzg'unchilarga sahifalarga o'zboshimchalik bilan veb-skriptlarni kiritish imkonini beradi, ular foydalanuvchi yuborilgan sahifaga, ya'ni yuborilgan sahifaga kirganda bajariladi.

CVSS Vector

Manbalar

• https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2845078%40metform&new=2845078%40metform&sfp_email=&sfph_mail=
• https://wordpress.org/plugins/metform/#description
• https://www.wordfence.com/blog/2023/02/high-severity-xss-vulnerability-in-metform-elementor-contact-form-builder/
• https://www.wordfence.com/threat-intel/vulnerabilities/id/05f7d9fe-e95f-4ddf-9bce-2aeac3c2e946?source=cve
• https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2845078%40metform&new=2845078%40metform&sfp_email=&sfph_mail=