CVE-2023-0085 MEDIUM

CVE-2023-0085: Metform Elementor Contact Form Builder <= 3.2.1 - reCaptcha Protection Bypass

Vendor Roxnor
Product MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor
Weakness CWE-693
Published March 2, 2023
Last update April 8, 2026
View on NVD All CVEs

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to reCaptcha Bypass in versions up to, and including, 3.2.1. This is due to insufficient server side checking on the captcha value submitted during a form submission. This makes it possible for unauthenticated attackers to bypass Captcha restrictions and for attackers to utilize bots to submit forms.

Key dates

02Disclosure timeline

March 2, 2023 CVE published
April 8, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-13601 Yelp: yelp-xsl: overly permissive content security policy in yelp allows host file disclosure from flatpak applications CVE-2023-4466 Poly CCX 400/CCX 600/Trio 8800/Trio C60 Web Interface protection mechanism CVE-2022-39957 Response body bypass in OWASP ModSecurity Core Rule Set via a specialy crafted charset in the HTTP Accept header CVE-2026-48575 Secure Boot Security Feature Bypass Vulnerability CVE-2024-38070 Windows LockDown Policy (WLDP) Security Feature Bypass Vulnerability