Metform Elementor Contact Form Builder

Wordfence Intelligence   >   Vulnerability Database   >   WordPress Plugins   >   Metform Elementor Contact Form Builder

Information

Software Type Plugin
Software Slug metform (view on wordpress.org)
Software Status Active
Software Author xpeedstudio
Software Website products.wpmet.com
Software Downloads 2,341,120
Software Active Installs 200,000
Software Record Last Updated October 4, 2023

16 vulnerabilities

Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via 'mf_first_name' shortcode
4.3
CVE-2023-0689
Aug 30, 2023
Researcher: Ramuel Gall
Metform Elementor Contact Form Builder <= 3.3.2 - Cross-Site Request Forgery via permalink_setup
5.4
CVE-2023-2517
Jun 22, 2023
Researcher: Marco Wotschka
Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via mf_last_name shortcode
4.3
CVE-2023-0691
Jun 8, 2023
Researcher: Ramuel Gall
Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via mf_thankyou shortcode
6.5
CVE-2023-0688
Jun 8, 2023
Researcher: Ramuel Gall
Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via 'mf_payment_status' shortcode
4.3
CVE-2023-0692
Jun 8, 2023
Researcher: Ramuel Gall
Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via 'mf_transaction_id' shortcode
6.5
CVE-2023-0693
Jun 8, 2023
Researcher: Ramuel Gall
Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via mf shortcode
6.5
CVE-2023-0694
Jun 8, 2023
Researcher: Ramuel Gall
Metform Elementor Contact Form Builder <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via mf shortcode
5.4
CVE-2023-0695
Jun 8, 2023
Researcher: Ramuel Gall
Metform Elementor Contact Form Builder <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via mf_last_name shortcode
5.4
CVE-2023-0709
Jun 8, 2023
Researcher: Ramuel Gall
Metform Elementor Contact Form Builder <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via mf_thankyou shortcode
4.9
CVE-2023-0710
Jun 8, 2023
Researcher: Ramuel Gall
Metform Elementor Contact Form Builder <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via mf_first_name shortcode
5.4
CVE-2023-0708
Jun 8, 2023
Researcher: Ramuel Gall
Metform Elementor Contact Form Builder <= 3.3.0 - Unauthenticated CSV Injection
8.3
CVE-2023-0721
Jun 8, 2023
Researcher: Ramuel Gall
Metform Elementor Contact Form Builder <= 3.3.0 - Missing Authorization
6.5
CVE-2023-1843
May 4, 2023
Researcher: Marco Wotschka
Metform Elementor Contact Form Builder <= 3.2.1 - reCaptcha Protection Bypass
5.3
CVE-2023-0085
Mar 2, 2023
Researcher: Mohammed El Amin, Chemouri
Metform Elementor Contact Form Builder <= 3.1.2 - Unauthenticated Stored Cross-Site Scripting
7.2
CVE-2023-0084
Feb 2, 2023
Researcher: Mohammed El Amin, Chemouri
Metform Elementor Contact Form Builder <= 2.1.3 - Sensitive Information Disclosure
7.5
CVE-2022-1442
Apr 23, 2022
Researcher: Muhammad Zeeshan (Xib3rR4dAr)
Title CVE ID CVSS Researchers Date
Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via 'mf_first_name' shortcode CVE-2023-0689 4.3 Ramuel Gall August 30, 2023
Metform Elementor Contact Form Builder <= 3.3.2 - Cross-Site Request Forgery via permalink_setup CVE-2023-2517 5.4 Marco Wotschka June 22, 2023
Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via mf_last_name shortcode CVE-2023-0691 4.3 Ramuel Gall June 8, 2023
Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via mf_thankyou shortcode CVE-2023-0688 6.5 Ramuel Gall June 8, 2023
Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via 'mf_payment_status' shortcode CVE-2023-0692 4.3 Ramuel Gall June 8, 2023
Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via 'mf_transaction_id' shortcode CVE-2023-0693 6.5 Ramuel Gall June 8, 2023
Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via mf shortcode CVE-2023-0694 6.5 Ramuel Gall June 8, 2023
Metform Elementor Contact Form Builder <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via mf shortcode CVE-2023-0695 5.4 Ramuel Gall June 8, 2023
Metform Elementor Contact Form Builder <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via mf_last_name shortcode CVE-2023-0709 5.4 Ramuel Gall June 8, 2023
Metform Elementor Contact Form Builder <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via mf_thankyou shortcode CVE-2023-0710 4.9 Ramuel Gall June 8, 2023
Metform Elementor Contact Form Builder <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via mf_first_name shortcode CVE-2023-0708 5.4 Ramuel Gall June 8, 2023
Metform Elementor Contact Form Builder <= 3.3.0 - Unauthenticated CSV Injection CVE-2023-0721 8.3 Ramuel Gall June 8, 2023
Metform Elementor Contact Form Builder <= 3.3.0 - Missing Authorization CVE-2023-1843 6.5 Marco Wotschka May 4, 2023
Metform Elementor Contact Form Builder <= 3.2.1 - reCaptcha Protection Bypass CVE-2023-0085 5.3 Mohammed El Amin, Chemouri March 2, 2023
Metform Elementor Contact Form Builder <= 3.1.2 - Unauthenticated Stored Cross-Site Scripting CVE-2023-0084 7.2 Mohammed El Amin, Chemouri February 2, 2023
Metform Elementor Contact Form Builder <= 2.1.3 - Sensitive Information Disclosure CVE-2022-1442 7.5 Muhammad Zeeshan (Xib3rR4dAr) April 23, 2022

All the threat data shared in this database is powered by Wordfence Intelligence Enterprise.
Interested in integrating this data into your platform or network?
Contact us now to discuss API access to our Wordfence Intelligence Enterprise Data Feeds.

Inquire Now

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation