cleantalk
Vulnerabilities and Security Researches

Metform Elementor Contact Form Builder, CVE-2024-4266

CVE, Research URL

CVE-2024-4266

Home page URL

Security reports for Metform Elementor Contact Form Builder

Application

Metform Elementor Contact Form Builder

Published on
Jun 11, 2024
Research Description
The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.8.8 via the 'handle_file' function. This can allow unauthenticated attackers to extract sensitive data, such as Personally Identifiable Information, from files uploaded by users.
Affected versions
Min -, max 3.8.9.
Status
vulnerable
Previous vulnerability researches
Metform Elementor Contact Form Builder (CVE-2025-30914) , Apr 01, 2025
Metform Elementor Contact Form Builder (CVE-2023-50903) , Jun 10, 2024
Metform Elementor Contact Form Builder (CVE-2024-4266) , Jun 14, 2024
Metform Elementor Contact Form Builder (CVE-2023-0709) , Jun 06, 2024
Metform Elementor Contact Form Builder (CVE-2022-1442) , Jun 06, 2024
New vulnerability
Customizable WordPress Gallery Plugin – Modula Image Gallery (CVE-2024-9416) , Apr 04, 2025
Contact Form vCard Generator (CVE-2025-31582) , Apr 04, 2025
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) (CVE-2025-1663) , Apr 04, 2025
AI Search Bar (CVE-2025-31563) , Apr 04, 2025
Ship Per Product (CVE-2025-31773) , Apr 04, 2025