Vulnerabilities > Wpmet > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-12-09 | CVE-2023-50903 | Unspecified vulnerability in Wpmet Metform Elementor Contact Form Builder Missing Authorization vulnerability in Wpmet Metform Elementor Contact Form Builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Metform Elementor Contact Form Builder: from n/a through 3.4.0. | 9.8 |
| 2024-08-17 | CVE-2023-0714 | Unrestricted Upload of File with Dangerous Type vulnerability in Wpmet Metform Elementor Contact Form Builder The Metform Elementor Contact Form Builder for WordPress is vulnerable to Arbitrary File Upload due to insufficient file type validation in versions up to, and including, 3.2.4. | 9.8 |
| 2024-06-14 | CVE-2024-4404 | Server-Side Request Forgery (SSRF) vulnerability in Wpmet Elementskit The ElementsKit PRO plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.6.2 via the 'render_raw' function. | 9.6 |
| 2022-06-08 | CVE-2022-0788 | Unspecified vulnerability in Wpmet Fundengine The WP Fundraising Donation and Crowdfunding Platform WordPress plugin before 1.5.0 does not sanitise and escape a parameter before using it in a SQL statement via one of it's REST route, leading to an SQL injection exploitable by unauthenticated users | 9.8 |