CVE-2026-0633 - MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor <= 4.1.0 - Unauthenticated Form Submission Exposure via Forgeable Cookie Value
CVE ID : CVE-2026-0633
Published : Jan. 24, 2026, 9:15 a.m. | 2 hours, 59 minutes ago
Description : The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.1.0. This is due to the use of a forgeable cookie value derived only from the entry ID and current user ID without a server-side secret. This makes it possible for unauthenticated attackers to access form submission entry data via MetForm shortcodes for entries created within the transient TTL (default is 15 minutes).
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Published : Jan. 24, 2026, 9:15 a.m. | 2 hours, 59 minutes ago
Description : The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.1.0. This is due to the use of a forgeable cookie value derived only from the entry ID and current user ID without a server-side secret. This makes it possible for unauthenticated attackers to access form submission entry data via MetForm shortcodes for entries created within the transient TTL (default is 15 minutes).
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...