The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to CSV injection in versions up to, and including, 3.3.0. This allows unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.
Metrics
Affected Vendors & Products
References
History
Mon, 23 Dec 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2023-06-09T05:33:33.988Z
Updated: 2024-12-23T16:19:09.122Z
Reserved: 2023-02-07T16:44:17.504Z
Link: CVE-2023-0721
Vulnrichment
Updated: 2024-08-02T05:24:33.117Z
NVD
Status : Modified
Published: 2023-06-09T06:15:53.530
Modified: 2024-11-21T07:37:41.747
Link: CVE-2023-0721
Redhat
No data.