CVE-2024-4266

5.3 MEDIUM

📋 TL;DR

This vulnerability in the MetForm WordPress plugin allows unauthenticated attackers to access sensitive files uploaded by users through form submissions. It affects WordPress sites running MetForm versions up to and including 3.8.8, potentially exposing Personally Identifiable Information (PII) and other confidential data.

💻 Affected Systems

Products:
  • MetForm - Contact Form, Survey, Quiz, & Custom Form Builder for Elementor
Versions: Up to and including 3.8.8
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects WordPress installations with the vulnerable plugin version installed and active.

📦 What is this software?

MetForm is a form builder add-on for the Elementor page builder for WordPress. It is used for contact forms, surveys, quizzes and custom forms, and it can accept file uploads as part of a submission; those uploaded files are what this issue exposes.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could extract sensitive PII, financial information, or confidential documents uploaded by users, leading to data breaches, regulatory fines, and reputational damage.

🟠

Likely Case

Unauthenticated attackers accessing uploaded files containing PII or other sensitive information, potentially enabling identity theft or further attacks.

🟢

If Mitigated

With the plugin updated, or with direct access to the upload directory blocked and monitored, exploitation attempts are refused or at least logged, and exposure is limited to files that were not sensitive to begin with.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability exists in the handle_file function and requires no authentication to exploit.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.8.9

Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3099977/ (the WordPress.org plugin SVN changeset that ships the fix; no separate vendor write-up is linked here)

Restart Required: No

Instructions:

1. Log into WordPress admin panel
2. Navigate to Plugins > Installed Plugins
3. Find MetForm plugin
4. Click 'Update Now' if available
5. If not available, download version 3.8.9+ from WordPress repository
6. Deactivate old version
7. Upload and activate new version

🔧 Temporary Workarounds

Disable MetForm Plugin

Platform: all

Temporarily deactivate the vulnerable plugin until it is patched (note that this takes every MetForm form on the site offline, not just file uploads)

wp plugin deactivate metform

Restrict File Upload Access

Platform: linux (Apache, or any web server that honours .htaccess)

Add .htaccess rules to block direct HTTP access to the MetForm uploads directory

Add 'Deny from all' (Apache 2.2 syntax) or 'Require all denied' (Apache 2.4 syntax) to a .htaccess file in the wp-content/uploads/metform directory. nginx ignores .htaccess files, so use an equivalent location block there. Two caveats: this also breaks any legitimate direct links to submitted files, and because the vulnerable code path is the plugin's handle_file function, a directory-level deny only stops requests that go straight to a file's URL; if the exposure is served through the plugin's PHP code it does not help. Treat it as a partial mitigation, not a substitute for the update.

🧯 If You Can't Patch

  • Implement web application firewall rules to block access to metform file upload endpoints
  • Monitor file access logs for unusual patterns targeting metform upload directories

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > MetForm version. If version is 3.8.8 or lower, you are vulnerable.

Check Version:

wp plugin get metform --field=version

Verify Fix Applied:

Verify MetForm plugin version is 3.8.9 or higher in WordPress admin panel.
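As an added check that is not part of this advisory or of MetForm's own code: a small Python script that finds the installed version (via WP-CLI, or by reading the plugin file header when WP-CLI is not available) and compares it numerically against 3.8.9. The numeric comparison matters because a plain string comparison would rank 3.8.10 below 3.8.9. The script assumes the standard plugin location wp-content/plugins/metform/metform.php and the slug metform; the sample header inside the block is constructed, not copied from the plugin.

```python
"""Decide whether an installed MetForm falls in the CVE-2024-4266 range.

Added example; it is not code from the original advisory or from the
MetForm project. Assumptions: the plugin slug is "metform", the main plugin
file sits at wp-content/plugins/metform/metform.php (standard WordPress
layout), and 3.8.9 is the first fixed release, as stated above.
"""
import re
import subprocess
import sys
from pathlib import Path
from typing import Optional, Tuple

FIXED_VERSION = "3.8.9"

# WordPress plugin header line, e.g. " * Version: 3.8.8"
VERSION_RE = re.compile(r"^\s*\*?\s*Version:\s*(\S+)", re.MULTILINE)

# Constructed sample of a plugin file header (not copied from MetForm).
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: MetForm
 * Plugin URI: https://wordpress.org/plugins/metform/
 * Version: 3.8.8
 * Requires at least: 5.0
 */
"""


def parse_version(version: str) -> Tuple[Tuple[int, ...], int, str]:
    """Turn '3.8.10' or '3.8.9-beta1' into a tuple that compares numerically.

    Comparing version strings as text is the classic mistake: '3.8.10' < '3.8.9'
    lexically but not as a version. Components are compared as integers, short
    versions are padded ('3.8' == '3.8.0'), and a pre-release suffix sorts
    below the bare release.
    """
    main, _, suffix = version.strip().partition("-")
    nums = tuple(int(p) for p in main.split("."))
    nums += (0,) * (3 - len(nums))
    return nums, (-1 if suffix else 0), suffix


def is_vulnerable(version: str) -> bool:
    """True for every release below the fixed 3.8.9, i.e. 3.8.8 and earlier."""
    return parse_version(version) < parse_version(FIXED_VERSION)


def version_from_plugin_header(header_text: str) -> Optional[str]:
    """Extract the Version: field from a WordPress plugin file header."""
    m = VERSION_RE.search(header_text)
    return m.group(1) if m else None


def version_from_file(wp_root: str) -> Optional[str]:
    """Read the version straight from the plugin's main file (no WP-CLI needed)."""
    main_file = Path(wp_root) / "wp-content" / "plugins" / "metform" / "metform.php"
    if not main_file.is_file():
        return None
    # WordPress itself only inspects the first 8 KiB of a file for headers.
    return version_from_plugin_header(main_file.read_text(errors="replace")[:8192])


def version_from_wp_cli(wp_root: str) -> Optional[str]:
    """Ask WP-CLI; returns None if wp is not installed or the plugin is absent."""
    cmd = ["wp", "plugin", "get", "metform", "--field=version", f"--path={wp_root}"]
    try:
        out = subprocess.run(cmd, capture_output=True, text=True, check=True, timeout=60)
    except (OSError, subprocess.CalledProcessError, subprocess.TimeoutExpired):
        return None
    return out.stdout.strip() or None


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    found = version_from_wp_cli(root) or version_from_file(root)
    if found is None:
        print("MetForm not found under", root)
    else:
        state = "VULNERABLE (update to 3.8.9 or later)" if is_vulnerable(found) else "patched"
        print(f"MetForm {found}: {state}")
```

Run it with the WordPress root as the only argument; it tries WP-CLI first and falls back to the plugin header, so it also works on hosts where wp is not on the PATH.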

📡 Detection & Monitoring

Log Indicators:

  • Unusual access patterns to /wp-content/uploads/metform/ files
  • Multiple failed or successful requests to metform file endpoints from single IPs

Network Indicators:

  • HTTP requests to paths containing 'metform' and file parameters
  • Unusual traffic to upload directories

SIEM Query (parenthesised explicitly so the precedence is the same in every query engine):

source="web_logs" AND uri="*metform*" AND (uri="*file*" OR uri="*action.php*") AND status=200

Drop the status=200 clause to also see refused attempts (403/404): a burst of those from one IP is the enumeration that typically precedes a successful read.
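The same indicators applied to raw access logs, as an added example that is not part of this advisory or of the MetForm project: a Python scanner for Apache/nginx "combined" format lines that flags reads under /wp-content/uploads/metform/ and URIs naming metform together with a file parameter or action.php, percent-decodes paths first so an encoded "%6detform" is not missed, and ranks client IPs by the number of hits, counting refused requests as well as served ones. The log lines in the block are constructed; the query parameter in the last sample line is illustrative and not a known MetForm endpoint.

```python
"""Flag CVE-2024-4266 probing in web-server access logs.

Added example; not code from the original advisory or the MetForm project.
It applies the log indicators listed above (reads under
/wp-content/uploads/metform/, and URIs naming metform together with a file
parameter or action.php) to Apache/nginx "combined" format lines. The sample
log is constructed; the query parameter in its last line is illustrative and
not a known MetForm endpoint.
"""
import re
import sys
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Optional, Set, Tuple
from urllib.parse import unquote, urlsplit

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
UPLOAD_PREFIX = "/wp-content/uploads/metform/"

# Constructed sample: one client walking the upload directory (one request
# percent-encoded to dodge naive string matching) and one ordinary visitor.
SAMPLE_LOG = """\
203.0.113.7 - - [10/May/2024:10:01:02 +0000] "GET /wp-content/uploads/metform/1234/resume.pdf HTTP/1.1" 200 48211 "-" "curl/8.4.0"
203.0.113.7 - - [10/May/2024:10:01:03 +0000] "GET /wp-content/uploads/metform/1234/id-scan.jpg HTTP/1.1" 200 91022 "-" "curl/8.4.0"
203.0.113.7 - - [10/May/2024:10:01:04 +0000] "GET /wp-content/uploads/metform/1235/form.pdf HTTP/1.1" 404 512 "-" "curl/8.4.0"
203.0.113.7 - - [10/May/2024:10:01:05 +0000] "GET /wp-content/uploads/%6detform/1236/statement.pdf HTTP/1.1" 200 1200 "-" "curl/8.4.0"
198.51.100.4 - - [10/May/2024:10:02:00 +0000] "GET /contact/ HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
198.51.100.4 - - [10/May/2024:10:02:10 +0000] "GET /wp-admin/admin-ajax.php?action=metform_example&file=42 HTTP/1.1" 200 300 "-" "Mozilla/5.0"
"""


@dataclass
class Hits:
    ok: int = 0            # served: status below 400
    blocked: int = 0       # refused: 4xx/5xx, the enumeration that precedes a hit
    indicators: Set[str] = field(default_factory=set)

    @property
    def total(self) -> int:
        return self.ok + self.blocked


def classify_request(line: str) -> Optional[Tuple[str, int, str]]:
    """(client_ip, status, indicator) for lines of interest, None otherwise.

    Path and query are percent-decoded before matching, so an encoded
    "/uploads/%6detform/" is still recognised as the upload directory.
    """
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    path = unquote(parts.path).lower()
    query = unquote(parts.query).lower()
    status = int(m.group("status"))
    if path.startswith(UPLOAD_PREFIX):
        return m.group("ip"), status, "upload-dir-read"
    uri = f"{path}?{query}"
    if "metform" in uri and ("file" in uri or path.endswith("action.php")):
        return m.group("ip"), status, "metform-file-uri"
    return None


def summarize(lines: Iterable[str]) -> Dict[str, Hits]:
    """Aggregate indicator hits per client IP."""
    out: Dict[str, Hits] = {}
    for line in lines:
        hit = classify_request(line)
        if hit is None:
            continue
        ip, status, indicator = hit
        rec = out.setdefault(ip, Hits())
        if status < 400:
            rec.ok += 1
        else:
            rec.blocked += 1
        rec.indicators.add(indicator)
    return out


def suspicious_ips(summary: Dict[str, Hits], threshold: int = 5) -> List[str]:
    """IPs with at least `threshold` hits, busiest first. Refusals count too."""
    ranked = sorted(summary.items(), key=lambda kv: kv[1].total, reverse=True)
    return [ip for ip, rec in ranked if rec.total >= threshold]


if __name__ == "__main__":
    source = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE_LOG.splitlines()
    summary = summarize(source)
    for ip in suspicious_ips(summary, threshold=3):
        rec = summary[ip]
        print(f"{ip}: {rec.ok} served, {rec.blocked} refused, {sorted(rec.indicators)}")
```

Point it at an access log (`python scan.py /var/log/nginx/access.log`) and tune the threshold to your traffic; a single served read of an upload is already worth a look on a site that never links to those files publicly.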
