CVE-2024-4266

Name of the Vulnerable Software and Affected Versions The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress versions prior to 3.8.9

Description The issue allows unauthenticated attackers to extract sensitive data, such as Personally Identifiable Information, from files uploaded by users via the handle file function.

Recommendations For versions up to, and including, 3.8.8, update to version 3.8.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the handle file function until a patch is available.