10 matches found
EUVD-2023-12723
Malicious code in bioql PyPI...
WordPress MetForm plugin <= 4.0.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via `mf-template` DOM Element vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via `mf-template` DOM Element vulnerability discovered by Asaf Mozes in WordPress Plugin Metform versions <= 4.0.1...
WordPress Metform Elementor Contact Form Builder plugin <= 3.9.7 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery (SSRF) vulnerability discovered by Marek Mikita in WordPress Plugin Metform versions <= 3.9.2...
CVE-2025-30914 WordPress Metform Elementor Contact Form Builder plugin <= 3.9.7 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery (SSRF) vulnerability in Roxnor Metform metform allows Server Side Request Forgery. This issue affects Metform: from n/a through <= 3.9.2...
WordPress Metform Elementor Contact Form Builder Plugin <= 3.2.4 is vulnerable to Arbitrary File Upload
Software: Metform Elementor Contact Form Builder; Type: Plugin; Vulnerable versions: <= 3.2.4; Fixed in: 3.3.0; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2023-0714; Patch priority: High; CVSS severity: High (9); Developer: Wpmet; PSID: a1d516cfa020; Credits: Ram; Required privilege...
CVE-2023-0714
The Metform Elementor Contact Form Builder for WordPress is vulnerable to Arbitrary File Upload due to insufficient file type validation in versions up to, and including, 3.2.4. This allows unauthenticated visitors to perform a "double extension" attack and upload files containing a malicious...
WordPress Metform Elementor Contact Form Builder plugin <= 3.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widgets vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Widgets vulnerability discovered by Dau Hoang Tai in WordPress Plugin Metform versions <= 3.8.5...
WordPress Metform Elementor Contact Form Builder Plugin <= 3.3.0 is vulnerable to Cross Site Scripting (XSS)
Software: Metform Elementor Contact Form Builder; Type: Plugin; Vulnerable versions: <= 3.3.0; Fixed in: 3.3.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-0695; Patch priority: Low; CVSS severity: Low (6.5); Developer: Wpmet; PSID: fb3ef0c3223e; Credits: Ramuel Gall...
CVE-2023-0691 Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via mf_last_name shortcode
The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_last_name' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above, to obtain sensitive information about arbitrary...
WordPress Metform Elementor Contact Form Builder Plugin <= 3.3.0 is vulnerable to Broken Access Control
Software: Metform Elementor Contact Form Builder; Type: Plugin; Vulnerable versions: <= 3.3.0; Fixed in: 3.3.1; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-1843; Patch priority: High; CVSS severity: High (6.5); Developer: Wpmet; PSID: b16a58b44328; Credits: Marco Wotschka...