Wpmet Metform Elementor Contact Form Builder — known CVE vulnerabilities
Every CVE whose affected-product data names Wpmet Metform Elementor Contact Form Builder, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (23)
CVE-2023-0721 — CVSS 8.3 (high): The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to CSV injection in versions up to, and including, 3.3.0…
CVE-2023-0714 — CVSS 8.1 (high): The Metform Elementor Contact Form Builder for WordPress is vulnerable to Arbitrary File Upload due to insufficient file type validation in…
CVE-2022-1442 — CVSS 7.5 (high): The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the ~/core/forms/action.php…
CVE-2023-0084 — CVSS 7.2 (high): The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via text areas on forms in…
CVE-2023-1843 — CVSS 6.5 (medium): The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to unauthorized permalink structure update due to a missing…
CVE-2023-0688 — CVSS 6.5 (medium): The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_thankyou' shortcode in…
CVE-2023-0693 — CVSS 6.5 (medium): The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_transaction_id' shortcode in…
CVE-2023-0694 — CVSS 6.5 (medium): The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf' shortcode in versions up to…
CVE-2024-2791 — CVSS 6.4 (medium): The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in…
CVE-2024-1585 — CVSS 6.4 (medium): The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s)…
CVE-2023-0709 — CVSS 5.4 (medium): The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'mf_last_name' shortcode to…
CVE-2023-0695 — CVSS 5.4 (medium): The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'mf' shortcode to echo…
CVE-2023-0708 — CVSS 5.4 (medium): The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'mf_first_name' shortcode to…
CVE-2023-2517 — CVSS 5.4 (medium): The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and…
CVE-2023-6788 — CVSS 5.4 (medium): The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and…
CVE-2023-50903 — CVSS 5.3 (medium): Missing Authorization vulnerability in Roxnor Metform metform allows Exploiting Incorrectly Configured Access Control Security Levels.This…
CVE-2023-0085 — CVSS 5.3 (medium): The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to reCaptcha Bypass in versions up to, and including, 3.2.1…
CVE-2024-4266 — CVSS 5.3 (medium): The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information…
CVE-2023-0710 — CVSS 4.9 (medium): The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'fname' attribute of the…
CVE-2023-0692 — CVSS 4.3 (medium): The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_payment_status' shortcode in…
CVE-2024-33570 — CVSS 4.3 (medium): Missing Authorization vulnerability in Roxnor Metform metform.This issue affects Metform: from n/a through <= 3.8.3.
CVE-2023-0689 — CVSS 4.3 (medium): The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_first_name' shortcode in…
CVE-2023-0691 — CVSS 4.3 (medium): The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_last_name' shortcode in…