CVE-2023-0721

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to CSV injection in versions up to, and including, 3.3.0. This allows unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and...

CVE-2023-0693

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mftransactionid' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about the...

CVE-2023-0694

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about any standard form...

CVE-2023-0692

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mfpaymentstatus' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about the...

CVE-2023-1843

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to unauthorized permalink structure update due to a missing capability check on the permalinksetup function in versions up to, and including, 3.3.0. This makes it possible for unauthenticated attackers to change the...

CVE-2023-0708

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'mffirstname' shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. This allows authenticated attackers, with contributor-level permissions or above, to inje...

CVE-2023-0691

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mflastname' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about arbitrary...

CVE-2023-0689

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mffirstname' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about arbitrar...

CVE-2023-0710

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'fname' attribute of the 'mfthankyou' shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. This allows authenticated attackers, with contributor-level...

CVE-2023-0085

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to reCaptcha Bypass in versions up to, and including, 3.2.1. This is due to insufficient server side checking on the captcha value submitted during a form submission. This makes it possible for unauthenticated attackers...

CVE-2023-50903

Missing Authorization vulnerability in Roxnor Metform metform allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Metform: from n/a through = 3.4.0...

CVE-2023-6788

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.1. This is due to missing or incorrect nonce validation on the contents function. This makes it possible for unauthenticated attackers to update th...

CVE-2025-30914

Server-Side Request Forgery SSRF vulnerability in Roxnor Metform metform allows Server Side Request Forgery.This issue affects Metform: from n/a through = 3.9.2...

WordPress Metform Elementor Contact Form Builder plugin <= 3.9.7 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by Marek Mikita in WordPress Plugin Metform versions = 3.9.2...

CVE-2025-30914

Server-Side Request Forgery SSRF vulnerability in Roxnor Metform metform allows Server Side Request Forgery.This issue affects Metform: from n/a through = 3.9.2...

CVE-2025-30914

Server-Side Request Forgery SSRF vulnerability in Roxnor Metform metform allows Server Side Request Forgery.This issue affects Metform: from n/a through = 3.9.2...

CVE-2025-30914 WordPress Metform Elementor Contact Form Builder plugin <= 3.9.7 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability in Roxnor Metform metform allows Server Side Request Forgery.This issue affects Metform: from n/a through = 3.9.2...

CVE-2025-30914

CVE-2025-30914 describes a Server-Side Request Forgery (SSRF) in MetForm (MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor) affecting versions up to 3.9.2. The vulnerability is categorized as SSRF with a CVSS v3.1 base score of 4.4 (Medium). The connected data confirms th...

CVE-2025-30914 WordPress Metform Elementor Contact Form Builder plugin <= 3.9.7 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability in Roxnor Metform metform allows Server Side Request Forgery.This issue affects Metform: from n/a through = 3.9.2...

WordPress plugin Metform 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue...