Search
Search Results (22 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-0633 | 3 Elementor, Roxnor, Wordpress | 3 Elementor, Metform Contact Form Survey Quiz Custom Form Builder For Elementor, Wordpress | 2026-04-15 | 3.7 Low |
| The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.1.0. This is due to the use of a forgeable cookie value derived only from the entry ID and current user ID without a server-side secret. This makes it possible for unauthenticated attackers to access form submission entry data via MetForm shortcodes for entries created within the transient TTL (default is 15 minutes). | ||||
| CVE-2026-1925 | 2 Roxnor, Wordpress | 2 Emailkit – Email Customizer For Woocommerce & Wp, Wordpress | 2026-04-15 | 4.3 Medium |
| The EmailKit – Email Customizer for WooCommerce & WP plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the 'update_template_data' function in all versions up to, and including, 1.6.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify the title of any post on the site, including posts, pages, and custom post types. | ||||