Vulnerabilities > Wpmet > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-12 | CVE-2023-28987 | Cross-Site Request Forgery (CSRF) vulnerability in Wpmet WP Ultimate Review Cross-Site Request Forgery (CSRF) vulnerability in Wpmet Wp Ultimate Review plugin <= 2.0.3 versions. | 8.8 |
| 2023-10-22 | CVE-2023-46085 | Cross-Site Request Forgery (CSRF) vulnerability in Wpmet WP Ultimate Review Cross-Site Request Forgery (CSRF) vulnerability in Wpmet Wp Ultimate Review plugin <= 2.2.4 versions. | 8.8 |
| 2023-06-09 | CVE-2023-0721 | Unspecified vulnerability in Wpmet Metform Elementor Contact Form Builder The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to CSV injection in versions up to, and including, 3.3.0. | 7.8 |
| 2023-05-25 | CVE-2022-45371 | Cross-Site Request Forgery (CSRF) vulnerability in Wpmet Shopengine Cross-Site Request Forgery (CSRF) vulnerability in Wpmet ShopEngine plugin <= 4.1.1 versions. | 8.8 |
| 2022-05-10 | CVE-2022-1442 | Missing Authorization vulnerability in Wpmet Metform Elementor Contact Form Builder The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the ~/core/forms/action.php file which can be exploited by an unauthenticated attacker to view all API keys and secrets of integrated third-party APIs like that of PayPal, Stripe, Mailchimp, Hubspot, HelpScout, reCAPTCHA and many more, in versions up to and including 2.1.3. | 7.5 |