2 matches found
CVE-2025-5684 MetForm <= 4.0.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via `mf-template` DOM Element
The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the mf-template DOM Element in all versions up to, and including, 4.0.1 due to insufficient input sanitization and output escaping. This makes it...
WordPress MetForm plugin <= 4.0.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via `mf-template` DOM Element vulnerability
AuthenticatedContributor+ Stored Cross-Site Scripting via mf-template DOM Element vulnerability discovered by Asaf Mozes in WordPress Plugin Metform versions = 4.0.1...