305 matches found
EUVD-2023-55636
Malicious code in bioql PyPI...
EUVD-2023-12738
Malicious code in bioql PyPI...
EUVD-2023-12749
Malicious code in bioql PyPI...
EUVD-2024-27735
Malicious code in bioql PyPI...
EUVD-2023-12737
Malicious code in bioql PyPI...
EUVD-2025-8309
Malicious code in bioql PyPI...
CVE-2025-5684 MetForm <= 4.0.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via `mf-template` DOM Element
The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the mf-template DOM Element in all versions up to, and including, 4.0.1 due to insufficient input sanitization and output escaping. This makes it...
CVE-2025-5684 MetForm <= 4.0.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via `mf-template` DOM Element
The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the mf-template DOM Element in all versions up to, and including, 4.0.1 due to insufficient input sanitization and output escaping. This makes it...
CVE-2025-5684
CVE-2025-5684 : MetForm – WordPress plugin vulnerable to Stored Cross-Site Scripting via the mf-template DOM element in all versions up to and including 4.0.1. An authenticated attacker with Contributor-level access or higher can inject scripts executed by users on injected pages. Public sources ...
WordPress MetForm plugin <= 4.0.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via `mf-template` DOM Element vulnerability
AuthenticatedContributor+ Stored Cross-Site Scripting via mf-template DOM Element vulnerability discovered by Asaf Mozes in WordPress Plugin Metform versions = 4.0.1...
PT-2025-31262 · Elementor +1 · Elementor +1
Name of the Vulnerable Software and Affected Versions: MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress versions up to and including 4.0.1 Description: The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress ...
WordPress plugin MetForm 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripti...
CVE-2024-2791
The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 3.8.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-1585
The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.8.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-4266
The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.8.8 via the 'handlefile' function. This can allow unauthenticated attackers to extract sensitive data, such as...
CVE-2024-33570
Missing Authorization vulnerability in Roxnor Metform metform.This issue affects Metform: from n/a through = 3.8.3...
CVE-2023-0709
The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'mflastname' shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. This allows authenticated attackers, with contributor-level permissions or above, to injec...
CVE-2023-0695
The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'mf' shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. This allows authenticated attackers, with contributor-level permissions or above, to inject...
CVE-2023-0084
The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via text areas on forms in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2023-0688
The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mfthankyou' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about form...