CVE-2023-0688: 
WordPress vulnerability analysis and mitigation

The vulnerability CVE-2023-0688 affects the MetForm Elementor Contact Form Builder WordPress plugin versions below 3.3.2. This security issue was publicly disclosed on June 8, 2023, and involves sensitive information disclosure vulnerabilities that affect subscriber-level users and above (WPScan).

The vulnerability allows less privileged users, such as subscribers, to access various sensitive information through the plugin's shortcodes. This includes access to payment statuses, transaction IDs, submitter's name information, and virtually all fields of any form submissions. The vulnerability has been assigned a CVSS score of 6.5 (medium) and is classified under CWE-200, falling into the OWASP Top 10 category A3: Sensitive Data Exposure (WPScan).

The impact of this vulnerability allows unauthorized access to sensitive form submission data, including payment information, personal details, and other confidential information submitted through the forms. This exposure of sensitive data could potentially lead to privacy violations and misuse of personal information (WPScan).

The vulnerability has been fixed in version 3.3.2 of the MetForm Elementor Contact Form Builder plugin. Users are strongly advised to update to this version or later to protect against potential exploitation (WPScan).