Sensitive Information Exposure Vulnerability in MetForm Plugin

CVE-2024-4266

5.3MEDIUM

Key Information

Vendor: Xpeedstudio
Status: Metform – Contact Form, Survey, Quiz, & Custom Form Builder For Elementor
Vendor: Published:; 11 June 2024

Summary

The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.8.8 via the 'handle_file' function. This can allow unauthenticated attackers to extract sensitive data, such as Personally Identifiable Information, from files uploaded by users.

Affected Version(s)

MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor <= 3.8.8

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Timeline

Vulnerability published.
Jun 11, 2024
Disclosed
Jun 10, 2024
Vulnerability Reserved.
Apr 26, 2024

Collectors

NVD DatabaseMitre Database

Credit

Tim Coen