VYPR

MetForm Pro

by MetForm Pro

CVEs (2)

  • CVE-2026-1261HigMar 10, 2026
    risk 0.47cvss 7.2epss 0.00

    The MetForm Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Quiz feature in all versions up to, and including, 3.9.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary…

  • CVE-2026-0633LowJan 24, 2026
    risk 0.17cvss 3.7epss 0.00

    The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.1.0. This is due to the use of a forgeable cookie value derived only from the entry ID and…