CVE-2024-4266

MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor <= 3.8.8 - Unauthenticated Sensitive Information Exposure

The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.8.8 via the 'handle_file' function. This can allow unauthenticated attackers to extract sensitive data, such as Personally Identifiable Information, from files uploaded by users.

We have discovered 6,786 live websites that are affected by CVE-2024-4266.

Test my site



Affected Software

Product  Metform
Category Wordpress Plugins
Vulnerable Domains6,786 live websites (20.02% of Metform install base)
Vulnerable Versions
  • from 0 through 3.8.8
Vulnerable Versions Count77 versions ( 91.67% of all versions)



Details

  • Published - Jun 11, 2024
  • Updated - Aug 1, 2024

Credits

  • Tim Coen (finder)

CVE-2024-4266 usage by Country

United States1,958 websites


Germany903 websites
Cyprus468 websites
France352 websites
GB303 websites
Brazil239 websites
Turkey201 websites
Spain179 websites
Russia174 websites
Poland141 websites

CVE-2024-4266 usage by TLD

.com3,071 websites
.com.br356 websites
.org242 websites
.de193 websites
.co.uk171 websites
.net138 websites
.ru137 websites
.it131 websites
.pl101 websites
.nl100 websites

Vulnerable Versions

Vulnerable versions are highlighted in red

Websites affected by CVE-2024-4266

Top websites that are affected by CVE-2024-4266. Please click on the "Contact us" link to get more information.
DomainCountryRankContacts
*******.com United States**,***
********************.com United States***,***
*****************.com United States***,***
********.com United States***,***
*****************.com United States***,***
*************.com United States***,***
********.pt Portugal***,***
*********.com United States***,***
******.at Austria***,***
***************.org United States***,***
See full domain list

FAQ

A total of 6,786 websites have been identified as vulnerable to CVE-2024-4266, discovered through global website indexing conducted by WebTechSurvey.
Metform is susceptible to CVE-2024-4266 vulnerability.
Metform versions before, and including, 3.8.8 are vulnerable to CVE-2024-4266.