CVE-2024-4266 MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor <= 3.8.8 - Unauthenticated Sensitive Information Exposure

The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.8.8 via the 'handlefile' function. This can allow unauthenticated attackers to extract sensitive data, such as...

Wordpress MetForm plugin <= 3.8.8 - Unauthenticated Sensitive Information Exposure vulnerability

Unauthenticated Sensitive Information Exposure vulnerability discovered by Tim Coen in WordPress Plugin Metform versions = 3.8.8...

WordPress plugin MetForm security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress Metform Elementor Contact Form Builder Plugin <= 3.8.8 is vulnerable to Sensitive Data Exposure

Software Metform Elementor Contact Form Builder Type Plugin Vulnerable versions = 3.8.8 Fixed in 3.8.9 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-4266 Patch priority Low CVSS severity Low 5.3 Developer Wpmet PSID f8748d7d1a5f Credits Tim Coen...

MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor < 3.8.9 - Unauthenticated Sensitive Information Exposure

Description The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.8.8 via the 'handlefile' function. This can allow unauthenticated attackers to extract sensitive data,...

CVE-2024-33570

Missing Authorization vulnerability in Wpmet Metform Elementor Contact Form Builder.This issue affects Metform Elementor Contact Form Builder: from n/a through 3.8.3...

CVE-2024-33570 WordPress MetForm plugin <= 3.8.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Roxnor Metform metform.This issue affects Metform: from n/a through = 3.8.3...

CVE-2024-33570 WordPress MetForm plugin <= 3.8.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Roxnor Metform metform.This issue affects Metform: from n/a through = 3.8.3...

CVE-2024-33570

CVE-2024-33570: Metform Elementor Contact Form Builder for WordPress (versions ≤ 3.8.3) has a Missing Authorization/Broken Access Control vulnerability. The issue enables unauthorized access due to missing authorization checks. Reported as affecting Metform Elementor Contact Form Builder; remedia...

PT-2024-25339 · Unknown · Metform Elementor Contact Form Builder

Name of the Vulnerable Software and Affected Versions: Metform Elementor Contact Form Builder versions 3.8.3 and earlier Description: The issue is related to a Missing Authorization vulnerability in the Metform Elementor Contact Form Builder. Recommendations: For Metform Elementor Contact Form...

WordPress plugin Metform Elementor Contact Form Builder 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...

WordPress MetForm plugin <= 3.8.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Metform versions = 3.8.3...

WordPress Metform Elementor Contact Form Builder Plugin <= 3.8.3 is vulnerable to Broken Access Control

Software Metform Elementor Contact Form Builder Type Plugin Vulnerable versions = 3.8.3 Fixed in 3.8.4 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33570 Patch priority Low CVSS severity Low 4.3 Developer Wpmet PSID fffb628901c9 Credits Rafie Muhammad...

CVE-2024-2791

CVE-2024-2791 : MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor (WordPress) is affected through Stored Cross-Site Scripting in widgets on versions up to 3.8.5 due to insufficient input sanitization and output escaping of user-supplied attributes. Exploitation requires au...

CVE-2024-2791 Metform Elementor Contact Form Builder <= 3.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widgets

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 3.8.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

WordPress Metform Elementor Contact Form Builder plugin <= 3.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widgets vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Widgets vulnerability discovered by Dau Hoang Tai in WordPress Plugin Metform versions = 3.8.5...

WordPress Plugin Metform Elementor Contact Form Builder 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

Metform Elementor Contact Form Builder < 3.8.6 - Contributor+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's widgets due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web...

PT-2024-22126 · WordPress · Metform Elementor Contact Form Builder

Name of the Vulnerable Software and Affected Versions: Metform Elementor Contact Form Builder plugin for WordPress versions up to, and including, 3.8.5 Description: The issue is related to Stored Cross-Site Scripting via the plugin's widgets due to insufficient input sanitization and output...

WordPress Metform Elementor Contact Form Builder Plugin <= 3.8.5 is vulnerable to Cross Site Scripting (XSS)

Software Metform Elementor Contact Form Builder Type Plugin Vulnerable versions = 3.8.5 Fixed in 3.8.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2791 Patch priority Low CVSS severity Low 6.5 Developer Wpmet PSID f8f51d893718 Credits Dau Hoang T...