Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in Metform Elementor Contact Form Builder 3.8.1

  • Severity: medium-risk
  • Status: Fixed
  • Publication: January 8, 2024

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to a security issue known as Cross-Site Request Forgery. This vulnerability affects all versions of the plugin up to and including version 3.8.1. The problem is caused by a lack of security measures which should prevent someone from making a forged request to the plugin. If a site administrator clicks on a link provided by an attacker, it can allow the attacker to connect their own Hubspot account to the victim’s metform, allowing them to access leads and contacts. To protect against this security issue, it is important to update the plugin to the latest version.

Detected in:

MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor fixed vulnerable versions:
Metform Elementor Contact Form Builder fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.