| CVE-2026-1782 | MetForm Pro <= 3.9.7 - Unauthenticated Payment Amount Manipulation via 'mf-calculation' | Wpmet | MetForm Pro | Medium | 5.3 | 2026-04-15 08:28:16 | Deep Dive |
| CVE-2026-1261 | MetForm Pro <= 3.9.6 - Unauthenticated Stored Cross-Site Scripting | Wpmet | MetForm Pro | High | 7.2 | 2026-03-10 09:25:30 | Deep Dive |
| CVE-2026-0633 | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor <= 4.1.0 - Unauthenticated Form Submission Exposure via Forgeable Cookie Value | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | Low | 3.7 | 2026-01-24 08:26:36 | Deep Dive |
| CVE-2025-5684 | MetForm <= 4.0.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via `mf-template` DOM Element | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | Medium | 6.4 | 2025-07-29 19:42:34 | Deep Dive |
| CVE-2025-30914 | WordPress Metform Elementor Contact Form Builder plugin <= 3.9.7 - Server Side Request Forgery (SSRF) vulnerability | Roxnor | Metform | Medium | 4.4 | 2025-03-27 10:55:55 | Deep Dive |
| CVE-2023-50903 | WordPress Metform Elementor Contact Form Builder plugin <= 3.4.0 - Broken Access Control vulnerability | Roxnor | Metform | 中危 | - | 2024-12-09 11:29:53 | Deep Dive |
| CVE-2023-0714 | Metform Elementor Contact Form Builder <= 3.2.4 - Unauthenticated Double-Extension Arbitrary File Upload | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | High | 8.1 | 2024-08-17 09:38:58 | Deep Dive |
| CVE-2024-4266 | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor <= 3.8.8 - Unauthenticated Sensitive Information Exposure | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | Medium | 5.3 | 2024-06-11 07:32:26 | Deep Dive |
| CVE-2024-33570 | WordPress MetForm plugin <= 3.8.3 - Broken Access Control vulnerability | Roxnor | Metform | Medium | 4.3 | 2024-05-06 19:26:15 | Deep Dive |
| CVE-2024-2791 | Metform Elementor Contact Form Builder <= 3.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widgets | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | Medium | 6.4 | 2024-04-02 05:32:49 | Deep Dive |
| CVE-2024-1585 | Metform Elementor Contact Form Builder <= 3.8.3 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | Medium | 6.4 | 2024-03-13 15:26:42 | Deep Dive |
| CVE-2023-6788 | Metform Elementor Contact Form Builder <= 3.8.1 - Cross-Site Request Forgery | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | Medium | 5.4 | 2024-01-09 03:31:31 | Deep Dive |
| CVE-2023-0689 | Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via 'mf_first_name' shortcode | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | Medium | 4.3 | 2023-08-31 05:33:06 | Deep Dive |
| CVE-2023-2517 | Metform Elementor Contact Form Builder <= 3.3.2 - Cross-Site Request Forgery via permalink_setup | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | Medium | 5.4 | 2023-07-12 04:38:50 | Deep Dive |
| CVE-2023-0692 | Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via 'mf_payment_status' shortcode | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | Medium | 4.3 | 2023-06-09 05:33:37 | Deep Dive |
| CVE-2023-0721 | Metform Elementor Contact Form Builder <= 3.3.0 - Unauthenticated CSV Injection | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | High | 8.3 | 2023-06-09 05:33:34 | Deep Dive |
| CVE-2023-0708 | Metform Elementor Contact Form Builder <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via mf_first_name shortcode | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | Medium | 5.4 | 2023-06-09 05:33:28 | Deep Dive |
| CVE-2023-0710 | Metform Elementor Contact Form Builder <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via mf_thankyou shortcode | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | Medium | 4.9 | 2023-06-09 05:33:24 | Deep Dive |
| CVE-2023-0691 | Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via mf_last_name shortcode | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | Medium | 4.3 | 2023-06-09 05:33:24 | Deep Dive |
| CVE-2023-0688 | Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via mf_thankyou shortcode | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | Medium | 6.5 | 2023-06-09 05:33:23 | Deep Dive |