← Back

Wpmet

wpmet

67 CVEs • 9 products

Products (9)

Click to collapse
Toggle
Metform Elementor Contact Form Builder
metform_elementor_contact_form_builder
23 CVEs
Elements Kit Elementor Addons
elements_kit_elementor_addons
14 CVEs
Elementskit
elementskit
9 CVEs
Wp Ultimate Review
wp_ultimate_review
7 CVEs
Elementskit Elementor Addons
elementskit_elementor_addons
7 CVEs
Wp Social Login And Register Social Counter
wp_social_login_and_register_social_counter
3 CVEs
Fundengine
fundengine
2 CVEs
Shopengine
shopengine
1 CVE
Gutenkit
gutenkit
1 CVE

CVEs (67)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2023-0688
1Wpmet
1Metform Elementor Contact Form Builder
Apr 8, 2026
Jun 9, 2023
N/A· v4
6.5 MEDIUM· v3
N/A· v2
The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_thankyou' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscrib...Show more
The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_thankyou' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about form submissions, including payment status, and transaction ID.Show less
CVE-2022-45371
1Wpmet
1Shopengine
Nov 21, 2024
May 25, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Wpmet ShopEngine plugin <= 4.1.1 versions.
CVE-2023-0084
1Wpmet
1Metform Elementor Contact Form Builder
Apr 8, 2026
Mar 2, 2023
N/A· v4
6.1 MEDIUM· v3
N/A· v2
The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via text areas on forms in versions up to, and including, 3.1.2 due to insufficient input sanitization and outp...Show more
The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via text areas on forms in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page, which is the submissions page.Show less
CVE-2023-0085
1Wpmet
1Metform Elementor Contact Form Builder
Apr 8, 2026
Mar 2, 2023
N/A· v4
5.3 MEDIUM· v3
N/A· v2
The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to reCaptcha Bypass in versions up to, and including, 3.2.1. This is due to insufficient server side checking on the captcha value submitted d...Show more
The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to reCaptcha Bypass in versions up to, and including, 3.2.1. This is due to insufficient server side checking on the captcha value submitted during a form submission. This makes it possible for unauthenticated attackers to bypass Captcha restrictions and for attackers to utilize bots to submit forms.Show less
CVE-2022-0788
1Wpmet
1Fundengine
Dec 5, 2024
Jun 8, 2022
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
The WP Fundraising Donation and Crowdfunding Platform WordPress plugin before 1.5.0 does not sanitise and escape a parameter before using it in a SQL statement via one of it's REST route, leading to an SQL injection expl...Show more
The WP Fundraising Donation and Crowdfunding Platform WordPress plugin before 1.5.0 does not sanitise and escape a parameter before using it in a SQL statement via one of it's REST route, leading to an SQL injection exploitable by unauthenticated usersShow less
CVE-2022-1442
1Wpmet
1Metform Elementor Contact Form Builder
Apr 8, 2026
May 10, 2022
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the ~/core/forms/action.php file which can be exploited by an unauthenticated attacker to view all API keys...Show more
The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the ~/core/forms/action.php file which can be exploited by an unauthenticated attacker to view all API keys and secrets of integrated third-party APIs like that of PayPal, Stripe, Mailchimp, Hubspot, HelpScout, reCAPTCHA and many more, in versions up to and including 2.1.3.Show less
CVE-2021-24258
1Wpmet
1Elements Kit Elementor Addons
Nov 21, 2024
May 5, 2021
N/A· v4
5.4 MEDIUM· v3
4.0 MEDIUM· v2
The Elements Kit Lite and Elements Kit Pro WordPress Plugins before 2.2.0 have a number of widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a simila...Show more
The Elements Kit Lite and Elements Kit Pro WordPress Plugins before 2.2.0 have a number of widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.Show less