Roxnor Metform – Contact Form, Survey, Quiz, & Custom Form Builder For Elementor
23 CVEs affecting Roxnor Metform – Contact Form, Survey, Quiz, & Custom Form Builder For Elementor. Latest disclosed: 2026-01-24. Critical: 0, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-0721 | High | 8.3 | 2023-06-09 | The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to CSV injection in versions up to, and including, 3.3.0. This allows unauthentic… |
CVE-2023-0714 | High | 8.1 | 2024-08-17 | The Metform Elementor Contact Form Builder for WordPress is vulnerable to Arbitrary File Upload due to insufficient file type validation in versions up to, and… |
CVE-2022-1442 | High | 7.5 | 2022-05-10 | The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the ~/core/forms/action.php file which can be… |
CVE-2023-0084 | High | 7.2 | 2023-03-02 | The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via text areas on forms in versions up to, and inc… |
CVE-2023-0688 | Medium | 6.5 | 2023-06-09 | The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_thankyou' shortcode in versions up to, and includi… |
CVE-2023-1843 | Medium | 6.5 | 2023-06-09 | The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to unauthorized permalink structure update due to a missing capability check on t… |
CVE-2023-0693 | Medium | 6.5 | 2023-06-09 | The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_transaction_id' shortcode in versions up to, and i… |
CVE-2023-0694 | Medium | 6.5 | 2023-06-09 | The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf' shortcode in versions up to, and including, 3.3.1… |
CVE-2025-5684 | Medium | 6.4 | 2025-07-29 | The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `mf-tem… |
CVE-2024-2791 | Medium | 6.4 | 2024-04-02 | The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, an… |
CVE-2024-1585 | Medium | 6.4 | 2024-03-13 | The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up t… |
CVE-2023-6788 | Medium | 5.4 | 2024-01-09 | The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.1. This i… |
CVE-2023-2517 | Medium | 5.4 | 2023-07-12 | The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.3.2. This is du… |
CVE-2023-0708 | Medium | 5.4 | 2023-06-09 | The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'mf_first_name' shortcode to echo unescaped form su… |
CVE-2023-0709 | Medium | 5.4 | 2023-06-09 | The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'mf_last_name' shortcode to echo unescaped form sub… |
CVE-2023-0695 | Medium | 5.4 | 2023-06-09 | The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'mf' shortcode to echo unescaped form submissions i… |
CVE-2024-4266 | Medium | 5.3 | 2024-06-11 | The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions… |
CVE-2023-0085 | Medium | 5.3 | 2023-03-02 | The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to reCaptcha Bypass in versions up to, and including, 3.2.1. This is due to insuf… |
CVE-2023-0710 | Medium | 4.9 | 2023-06-09 | The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'fname' attribute of the 'mf_thankyou' shortcode to… |
CVE-2023-0689 | Medium | 4.3 | 2023-08-31 | The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_first_name' shortcode in versions up to, and inclu… |