Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor — Vulnerabilities & Security Advisories 23

All 23 CVE vulnerabilities found in MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor, with AI-generated Chinese analysis, references, and POCs.

Vendor: roxnor

CVE IDTitleCVSSSeverityPublished
CVE-2026-0633 MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor <= 4.1.0 - Unauthenticated Form Submission Exposure via Forgeable Cookie Value CWE-287 3.7 Low2026-01-24
CVE-2025-5684 MetForm <= 4.0.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via `mf-template` DOM Element CWE-79 6.4 Medium2025-07-29
CVE-2023-0714 Metform Elementor Contact Form Builder <= 3.2.4 - Unauthenticated Double-Extension Arbitrary File Upload CWE-434 8.1 High2024-08-17
CVE-2024-4266 MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor <= 3.8.8 - Unauthenticated Sensitive Information Exposure CWE-200 5.3 Medium2024-06-11
CVE-2024-2791 Metform Elementor Contact Form Builder <= 3.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widgets CWE-79 6.4 Medium2024-04-02
CVE-2024-1585 Metform Elementor Contact Form Builder <= 3.8.3 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode CWE-79 6.4 Medium2024-03-13
CVE-2023-6788 Metform Elementor Contact Form Builder <= 3.8.1 - Cross-Site Request Forgery CWE-352 5.4 Medium2024-01-09
CVE-2023-0689 Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via 'mf_first_name' shortcode CWE-639 4.3 Medium2023-08-31
CVE-2023-2517 Metform Elementor Contact Form Builder <= 3.3.2 - Cross-Site Request Forgery via permalink_setup CWE-352 5.4 Medium2023-07-12
CVE-2023-0692 Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via 'mf_payment_status' shortcode CWE-639 4.3 Medium2023-06-09
CVE-2023-0721 Metform Elementor Contact Form Builder <= 3.3.0 - Unauthenticated CSV Injection CWE-1236 8.3 High2023-06-09
CVE-2023-0708 Metform Elementor Contact Form Builder <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via mf_first_name shortcode CWE-79 5.4 Medium2023-06-09
CVE-2023-0691 Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via mf_last_name shortcode CWE-639 4.3 Medium2023-06-09
CVE-2023-0710 Metform Elementor Contact Form Builder <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via mf_thankyou shortcode CWE-79 4.9 Medium2023-06-09
CVE-2023-0688 Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via mf_thankyou shortcode CWE-639 6.5 Medium2023-06-09
CVE-2023-1843 Metform Elementor Contact Form Builder <= 3.3.0 - Missing Authorization CWE-862 6.5 Medium2023-06-09
CVE-2023-0709 Metform Elementor Contact Form Builder <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via mf_last_name shortcode CWE-79 5.4 Medium2023-06-09
CVE-2023-0693 Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via 'mf_transaction_id' shortcode CWE-639 6.5 Medium2023-06-09
CVE-2023-0694 Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via mf shortcode CWE-639 6.5 Medium2023-06-09
CVE-2023-0695 Metform Elementor Contact Form Builder <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via mf shortcode CWE-79 5.4 Medium2023-06-09
CVE-2023-0084 Metform Elementor Contact Form Builder <= 3.1.2 - Unauthenticated Stored Cross-Site Scripting CWE-79 7.2 High2023-03-02
CVE-2023-0085 Metform Elementor Contact Form Builder <= 3.2.1 - reCaptcha Protection Bypass CWE-693 5.3 Medium2023-03-02
CVE-2022-1442 Metform Elementor Contact Form Builder <= 2.1.3 - Sensitive Information Disclosure CWE-862 7.5 High2022-05-10

All 23 known CVE vulnerabilities affecting MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor with full Chinese analysis, references, and POCs where available.