CVE-2024-4266
MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor <= 3.8.8 - Unauthenticated Sensitive Information Exposure
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.8.8 via the 'handle_file' function. This can allow unauthenticated attackers to extract sensitive data, such as Personally Identifiable Information, from files uploaded by users.
El complemento MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor para WordPress es vulnerable a la exposición de información confidencial en versiones hasta la 3.8.8 incluida a través de la función 'handle_file'. Esto puede permitir a atacantes no autenticados extraer datos confidenciales, como información de identificación personal, de archivos cargados por los usuarios.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-04-26 CVE Reserved
- 2024-06-10 CVE Published
- 2024-08-01 CVE Updated
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (3)
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Xpeedstudio Search vendor "Xpeedstudio" | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder For Elementor Search vendor "Xpeedstudio" for product "MetForm – Contact Form, Survey, Quiz, & Custom Form Builder For Elementor" | <= 3.8.8 Search vendor "Xpeedstudio" for product "MetForm – Contact Form, Survey, Quiz, & Custom Form Builder For Elementor" and version " <= 3.8.8" | en |
Affected
| ||||||