Published: 10/05/2022 Updated: 07/11/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the ~/core/forms/action.php file which can be exploited by an unauthenticated malicious user to view all API keys and secrets of integrated third-party APIs like that of PayPal, Stripe, Mailchimp, Hubspot, HelpScout, reCAPTCHA and many more, in versions up to and including 2.1.3.

Vulnerable Product	Search on Vulmon	Subscribe to Product
wpmet metform elementor contact form builder

WordPress Plugin Metform <= 2.1.3 - Improper Access Control Allowing Unauthenticated Sensitive Information Disclosure

CVE-2022-1442 WordPress Plugin Metform <= 213 - Improper Access Control Allowing Unauthenticated Sensitive Information Disclosure Description The is vulnerable to sensitive information disclosure due to improper access control in the ~/core/forms/actionphp file which can be exploited by an unauthenticated attacker to view all API keys and secrets of integrated third-p

CWE-862 https://gist.github.com/Xib3rR4dAr/6e6c6e5fa1f8818058c7f03de1eda6bf https://plugins.trac.wordpress.org/changeset/2711944/metform/trunk/core/forms/action.php https://www.wordfence.com/threat-intel/vulnerabilities/id/04a46249-b5b2-4082-b520-cdc4a1370bb1?source=cve https://nvd.nist.gov https://github.com/RandomRobbieBF/CVE-2022-1442

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2022-1442

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect