Vulnerabilities > Wpmet
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-09 | CVE-2023-1843 | Unspecified vulnerability in Wpmet Metform Elementor Contact Form Builder The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to unauthorized permalink structure update due to a missing capability check on the permalink_setup function in versions up to, and including, 3.3.0. | 5.3 |
| 2023-05-25 | CVE-2022-45371 | Cross-Site Request Forgery (CSRF) vulnerability in Wpmet Shopengine 4.1.1 Cross-Site Request Forgery (CSRF) vulnerability in Wpmet ShopEngine plugin <= 4.1.1 versions. | 8.8 |
| 2023-03-02 | CVE-2023-0084 | Unspecified vulnerability in Wpmet Metform Elementor Contact Form Builder The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via text areas on forms in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. | 6.1 |
| 2023-03-02 | CVE-2023-0085 | Unspecified vulnerability in Wpmet Metform Elementor Contact Form Builder The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to reCaptcha Bypass in versions up to, and including, 3.2.1. | 5.3 |
| 2022-06-08 | CVE-2022-0788 | SQL Injection vulnerability in Wpmet WP Fundraising Donation and Crowdfunding Platform The WP Fundraising Donation and Crowdfunding Platform WordPress plugin before 1.5.0 does not sanitise and escape a parameter before using it in a SQL statement via one of it's REST route, leading to an SQL injection exploitable by unauthenticated users | 9.8 |
| 2022-05-10 | CVE-2022-1442 | Missing Authorization vulnerability in Wpmet Metform Elementor Contact Form Builder The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the ~/core/forms/action.php file which can be exploited by an unauthenticated attacker to view all API keys and secrets of integrated third-party APIs like that of PayPal, Stripe, Mailchimp, Hubspot, HelpScout, reCAPTCHA and many more, in versions up to and including 2.1.3. | 7.5 |
| 2021-05-05 | CVE-2021-24258 | Cross-site Scripting vulnerability in Wpmet Elements KIT Elementor Addons The Elements Kit Lite and Elements Kit Pro WordPress Plugins before 2.2.0 have a number of widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. | 5.4 |