CVE-2023-0721
Published: 09 June 2023
Summary
CVE-2023-0721 is a high-severity Improper Neutralization of Formula Elements in a CSV File (CWE-1236) vulnerability in Wpmet Metform Elementor Contact Form Builder. Its CVSS base score is 8.3 (High).
Operationally, ranked in the top 25.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-12749
Vulnerability details
The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to CSV injection in versions up to, and including, 3.3.0. This allows unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when…
more
these files are downloaded and opened on a local system with a vulnerable configuration.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.