200,000 WordPress Sites Vulnerable to Contact Form Plugin Security Flaw in Elementor

Metform and Elementor are two of the most popular contact form builders used by website owners. Recently, a vulnerability was discovered in both platforms that could allow malicious actors to gain access to sensitive user data.

The vulnerability was first reported by security researcher Dawid Golunski on October 28th, 2020. According to Golunski’s report, the vulnerability affects Metform versions 1.2.0 and below as well as Elementor versions 2.9.6 and below. The issue is related to how both platforms handle file uploads from users who submit forms through their websites or applications using either platform’s contact form builder feature.

Golunski found that when a user submits a form with an attached file, such as an image or document, the file is stored in a publicly accessible directory on the server without any authentication checks being performed beforehand. Anyone can therefore access these files without having any credentials for the site itself or even knowledge of its existence. Attackers could potentially gain access to confidential information contained within those files if they were able to find them online via search engines like Google or Bing (which often index public directories).
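A site owner can check web server access logs for form attachments that were already served to outside clients or crawlers. The following is an added example, not code from Metform, Elementor or the original report: the upload path is a hypothetical placeholder, the log lines are constructed, and the log's remote-user field is assumed to be the only sign of an authenticated request.

```python
import re
from collections import defaultdict

# Assumption: form attachments are stored under this path. It is a hypothetical
# placeholder; replace it with the directory your form plugin actually uses.
UPLOAD_PREFIX = "/wp-content/uploads/form-uploads/"
CRAWLERS = ("Googlebot", "bingbot")  # search engines named in the article

# Apache/nginx "combined" access log format.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<agent>[^"]*)"'
)

# Constructed sample log lines (documentation IP ranges), not from a real server.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Nov/2020:10:00:01 +0000] "GET /wp-content/uploads/form-uploads/passport-scan.pdf HTTP/1.1" 200 48211 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
198.51.100.23 - - [01/Nov/2020:10:02:10 +0000] "GET /wp-content/uploads/form-uploads/passport-scan.pdf HTTP/1.1" 200 48211 "-" "curl/7.68.0"
198.51.100.23 - - [01/Nov/2020:10:02:11 +0000] "GET /wp-content/uploads/form-uploads/ HTTP/1.1" 403 199 "-" "curl/7.68.0"
192.0.2.44 - - [01/Nov/2020:10:05:00 +0000] "GET /wp-content/uploads/2020/10/logo.png HTTP/1.1" 200 9120 "https://example.com/" "Mozilla/5.0"
192.0.2.44 - admin [01/Nov/2020:10:06:00 +0000] "GET /wp-content/uploads/form-uploads/cv.docx HTTP/1.1" 200 30110 "-" "Mozilla/5.0"
"""

def exposed_uploads(log_text, prefix=UPLOAD_PREFIX):
    """Map each attachment served with HTTP 200 and no remote user to its clients."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] not in ("GET", "HEAD"):
            continue
        path = m["path"].split("?", 1)[0]  # ignore any query string
        if not path.startswith(prefix) or path.endswith("/"):
            continue  # outside the upload directory, or a directory request
        if m["status"] != "200" or m["user"] != "-":
            continue  # request was blocked, or came from an HTTP-authenticated user
        crawler = any(c.lower() in m["agent"].lower() for c in CRAWLERS)
        hits[path].append((m["ip"], "crawler" if crawler else "client"))
    return dict(hits)

if __name__ == "__main__":
    for path, clients in exposed_uploads(SAMPLE_LOG).items():
        print(path, clients)
```

Any file this reports was readable without credentials, and a crawler hit means it may also appear in search results and should be treated as disclosed.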

Fortunately, there have been no reports of this vulnerability being exploited yet, but it still poses a serious risk for website owners who use either Metform or Elementor’s contact form builder feature on their sites or applications, since attackers may be able to gain unauthorized access to their systems if they know where these vulnerable files are located online (and how they can exploit them). It is therefore important for all users of either platform’s contact form builder feature to update their software immediately so as not to leave themselves open to attack from malicious actors looking to take advantage of this security flaw.

To mitigate potential attacks exploiting this vulnerability going forward, Metform has released version 1.3, which includes additional authentication checks before allowing file uploads, while Elementor has also patched its system with version 3+, which contains similar protections against unauthorized file upload attempts made through its contact forms interface. Make sure you upgrade your software accordingly if you’re using either one. Additionally, website owners should ensure that all uploaded files are properly secured behind strong passwords and other measures like encryption so that only authorized personnel can view them, reducing the chances of further exploitation occurring due to a lack of proper protection mechanisms put in place at the source level (i.e., client-side).

It goes without saying that keeping your software up to date is essential when it comes to maintaining a secure web presence, especially given the recent rise in cyber threats targeting websites across the globe. So make sure to check the latest releases available from developers regularly to keep yourself safe in an online environment where the landscape of digital security risks is always changing, now more than ever before.

Original source article rewritten by our AI:

Search Engine Journal
