{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T19:15:53.029","vulnerabilities":[{"cve":{"id":"CVE-2026-0633","sourceIdentifier":"security@wordfence.com","published":"2026-01-24T09:15:52.843","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.1.0. This is due to the use of a forgeable cookie value derived only from the entry ID and current user ID without a server-side secret. This makes it possible for unauthenticated attackers to access form submission entry data via MetForm shortcodes for entries created within the transient TTL (default is 15 minutes)."},{"lang":"es","value":"El plugin MetForm – Contact Form, Survey, Quiz, & Custom Form Builder para Elementor para WordPress es vulnerable a la Exposición de Información Sensible en versiones hasta la 4.1.0, inclusive. Esto se debe al uso de un valor de cookie falsificable derivado únicamente del ID de entrada y del ID de usuario actual sin un secreto del lado del servidor. Esto hace posible que atacantes no autenticados accedan a los datos de entrada de envío de formularios a través de los shortcodes de MetForm para entradas creadas dentro del TTL transitorio (el valor predeterminado es 15 minutos)."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/changeset/3438419/metform","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d72cc420-1ff5-403b-b4ea-7c820fdebcf3?source=cve","source":"security@wordfence.com"}]}}]}