CVE-2022-1442
Published 2022-05-10
Priority: P2 (61), high. CVSS 3.1 base score: 7.5
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
Exploit
EPSS: 9.11% (94.7th percentile)
The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the ~/core/forms/action.php file which can be exploited by an unauthenticated attacker to view all API keys and secrets of integrated third-party APIs like that of PayPal, Stripe, Mailchimp, Hubspot, HelpScout, reCAPTCHA and many more, in versions up to and including 2.1.3.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wpmet | metform_elementor_contact_form_builder | < 2.1.4 | 2.1.4 |
Detection & IOCs (extracted from sources)
- An unauthenticated GET request to /wp-json/metform/v1/forms/templates/0, followed by a request to /wp-json/metform/v1/forms/get/{id} that returns HTTP 200 with Content-Type application/json and a body containing 'mf_recaptcha_secret_key' and 'admin_email_from', indicates successful exploitation.
- A response body containing 'mf_recaptcha_secret_key' indicates that API secrets (PayPal, Stripe, Mailchimp, Hubspot, HelpScout, reCAPTCHA, etc.) are being disclosed via the unauthenticated REST endpoint.
- The first request extracts a numeric form ID from an <option value> HTML element, which is then used in the second request to retrieve the sensitive configuration data.
- The vulnerability affects Metform WordPress plugin versions up to and including 2.1.3; version 2.1.4 and above contain the fix.
- The vulnerable REST API endpoint requires no authentication (PR:N, UI:N), making it exploitable by any unauthenticated remote attacker.
- The high EPSS score (~74.9%) indicates that this vulnerability has a very high probability of exploitation in the wild.
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| NVD | 2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
No detection rules found.
Nuclei
WordPress Metform <=2.1.3 - Information Disclosure (nuclei, CVSS 7.5)
CVE-2022-1442 [HIGH] WordPress Metform <=2.1.3 - Information Disclosure
WordPress Metform <=2.1.3 [...] (>=2.1.4) to fix the information disclosure vulnerability.
```yaml
reference:
  - https://gist.github.com/Xib3rR4dAr/6e6c6e5fa1f8818058c7f03de1eda6bf
  - https://wpscan.com/vulnerability/9f3fcdd4-9ddc-45d5-a4af-e58634813c2b
  - https://wordpress.org/plugins/metform/advanced/
  - https://nvd.nist.gov/vuln/detail/CVE-2022-1442
  - https://plugins.trac.wordpress.org/changeset/2711944/metform/trunk/core/forms/action.php
classification:
  cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  cvss-score: 7.5
  cve-id: CVE-2022-1442
  cwe-id: CWE-862
  epss-score: 0.74862
  epss-percentile: 0.98867
  cpe: cpe:2.3:a:wpmet:metform_elementor_contact_form_builder:*:*:*:*:*:wordpress:*:*
metadata:
  verified: true
  max-request: 2
  vendor: wpmet
  product: metform_elementor_contact_form_builder
  framework: wordpress
```
No writeups or analysis indexed.
- https://gist.github.com/Xib3rR4dAr/6e6c6e5fa1f8818058c7f03de1eda6bf
- https://plugins.trac.wordpress.org/changeset/2711944/metform/trunk/core/forms/action.php
- https://www.wordfence.com/threat-intel/vulnerabilities/id/04a46249-b5b2-4082-b520-cdc4a1370bb1?source=cve