Metform
Roxnor
Developer
4.1.3
Latest version
600,000
Installations
No date
Last updated
Vulnerability history
0 present
25 patched
11 Mitigation rules
- WordPress MetForm - Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin <= 4.1.0 - Unauthenticated Form Submission Exposure via Forgeable Cookie Value vulnerability<= 4.1.026/01/2026
- Authenticated(Contributor+) Stored Cross-Site Scripting via `mf-template` DOM Element vulnerability<= 4.0.129/07/2025
- Server Side Request Forgery (SSRF) vulnerability<= 3.9.227/03/2025
- Unauthenticated Double-Extension Arbitrary File Upload vulnerability<= 3.2.419/08/2024
- Unauthenticated Sensitive Information Exposure vulnerability<= 3.8.811/06/2024
- Broken Access Control vulnerability<= 3.8.325/04/2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via Widgets vulnerability<= 3.8.502/04/2024
- Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability<= 3.8.308/03/2024
- Cross-Site Request Forgery vulnerability<= 3.8.108/01/2024
- Broken Access Control vulnerability<= 3.4.026/12/2023
- Authenticated (Subscriber+) Information Disclosure via 'mf_first_name' shortcode vulnerability<= 3.3.131/08/2023
- Cross-Site Request Forgery via permalink_setup vulnerability<= 3.3.222/06/2023
- Authenticated (Subscriber+) Information Disclosure via 'mf_payment_status' shortcode vulnerability<= 3.3.112/06/2023
- Unauthenticated CSV Injection vulnerability<= 3.3.012/06/2023
- Authenticated (Contributor+) Stored Cross-Site Scripting via mf_first_name shortcode vulnerability<= 3.3.012/06/2023
- Authenticated (Subscriber+) Information Disclosure via mf_last_name shortcode vulnerability<= 3.3.112/06/2023
- Authenticated (Subscriber+) Information Disclosure via mf_thankyou shortcode vulnerability<= 3.3.112/06/2023
- Authenticated (Contributor+) Stored Cross-Site Scripting via mf_last_name shortcode vulnerability<= 3.3.012/06/2023
- Authenticated (Subscriber+) Information Disclosure via 'mf_transaction_id' shortcode vulnerability<= 3.3.112/06/2023
- Authenticated (Contributor+) Stored Cross-Site Scripting via mf shortcode vulnerability<= 3.3.012/06/2023
- Authenticated (Subscriber+) Information Disclosure via mf shortcode vulnerability<= 3.3.112/06/2023
- Missing Authorization vulnerability<= 3.3.005/05/2023
- reCaptcha Protection Bypass vulnerability<= 3.2.103/03/2023
- Unauthenticated Stored Cross-Site Scripting vulnerability<= 3.1.203/02/2023
- Unauthenticated API keys and Secrets Disclosure vulnerability<= 2.1.323/04/2022