HTTP: WordPress Metform Elementor Plugin Stored Cross-Site Scripting
This signature detects attempts to exploit a known cross-site scripting vulnerability against WordPress Metform Elementor Plugin. It is due to insufficient validation of user-supplied input. Attackers can steal cookie-based authentication credentials and launch other attacks.
Extended Description
The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via text areas on forms in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page, which is the submissions page.
Affected Products
Wpmet metform_elementor_contact_form_builder
Short Name
HTTP:XSS:WRDPRS-METFORM-PLGIN
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2023-0084 Cross-Site Elementor Metform Plugin Scripting Stored WordPress
Release Date
03/31/2023
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3585
False Positive
Unknown
Vendors
Wpmet