CVE-2022-1442 - Vulnerability Details - OpenCVE

The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the ~/core/forms/action.php file which can be exploited by an unauthenticated attacker to view all API keys and secrets of integrated third-party APIs like that of PayPal, Stripe, Mailchimp, Hubspot, HelpScout, reCAPTCHA and many more, in versions up to and including 2.1.3.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Exploitation poc

Automatable yes

Technical Impact partial

Vendors	Products
Wpmet	Metform Elementor Contact Form Builder

Configuration 1 [-]

cpe:2.3:a:wpmet:metform_elementor_contact_form_builder:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://gist.github.com/Xib3rR4dAr/6e6c6e5fa1f8818058c7f03de1eda6bf
https://plugins.trac.wordpress.org/changeset/2711944/metform/trunk/core/forms/action.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/04a46249-b5b2-4082-b520-cdc4a1370bb1?source=cve

History

Mon, 05 May 2025 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2022-05-10T19:30:12.000Z

Updated: 2025-05-05T16:42:28.370Z

Reserved: 2022-04-23T00:00:00.000Z

Link: CVE-2022-1442

Vulnrichment

Updated: 2024-08-03T00:03:06.252Z

NVD

Status : Modified

Published: 2022-05-10T20:15:08.473

Modified: 2025-05-05T17:17:34.507

Link: CVE-2022-1442

Redhat

No data.

{"containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2023-10-20T15:05:57.036Z"}, "affected": [{"vendor": "xpeedstudio", "product": "Metform Elementor Contact Form Builder", "versions": [{"version": "*", "status": "affected", "lessThanOrEqual": "2.1.3", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the ~/core/forms/action.php file which can be exploited by an unauthenticated attacker to view all API keys and secrets of integrated third-party APIs like that of PayPal, Stripe, Mailchimp, Hubspot, HelpScout, reCAPTCHA and many more, in versions up to and including 2.1.3."}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/04a46249-b5b2-4082-b520-cdc4a1370bb1?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset/2711944/metform/trunk/core/forms/action.php"}, {"url": "https://gist.github.com/Xib3rR4dAr/6e6c6e5fa1f8818058c7f03de1eda6bf"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Muhammad Zeeshan"}], "timeline": [{"time": "2022-04-23T00:00:00.000+00:00", "lang": "en", "value": "Disclosed"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:03:06.252Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/04a46249-b5b2-4082-b520-cdc4a1370bb1?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset/2711944/metform/trunk/core/forms/action.php", "tags": ["x_transferred"]}, {"url": "https://gist.github.com/Xib3rR4dAr/6e6c6e5fa1f8818058c7f03de1eda6bf", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-862", "lang": "en", "description": "CWE-862 Missing Authorization"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-23T13:17:45.725272Z", "id": "CVE-2022-1442", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-05T16:42:28.370Z"}}]}, "cveMetadata": {"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "assignerShortName": "Wordfence", "cveId": "CVE-2022-1442", "datePublished": "2022-05-10T19:30:12.000Z", "dateReserved": "2022-04-23T00:00:00.000Z", "dateUpdated": "2025-05-05T16:42:28.370Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/04a46249-b5b2-4082-b520-cdc4a1370bb1?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset/2711944/metform/trunk/core/forms/action.php", "tags": ["x_transferred"]}, {"url": "https://gist.github.com/Xib3rR4dAr/6e6c6e5fa1f8818058c7f03de1eda6bf", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:03:06.252Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-1442", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-23T13:17:45.725272Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-05T13:12:33.965Z"}}], "cna": {"credits": [{"lang": "en", "type": "finder", "value": "Muhammad Zeeshan"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}}], "affected": [{"vendor": "xpeedstudio", "product": "Metform Elementor Contact Form Builder", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "2.1.3"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2022-04-23T00:00:00.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/04a46249-b5b2-4082-b520-cdc4a1370bb1?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset/2711944/metform/trunk/core/forms/action.php"}, {"url": "https://gist.github.com/Xib3rR4dAr/6e6c6e5fa1f8818058c7f03de1eda6bf"}], "descriptions": [{"lang": "en", "value": "The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the ~/core/forms/action.php file which can be exploited by an unauthenticated attacker to view all API keys and secrets of integrated third-party APIs like that of PayPal, Stripe, Mailchimp, Hubspot, HelpScout, reCAPTCHA and many more, in versions up to and including 2.1.3."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2023-10-20T15:05:57.036Z"}}}, "cveMetadata": {"cveId": "CVE-2022-1442", "state": "PUBLISHED", "dateUpdated": "2025-05-05T16:42:28.370Z", "dateReserved": "2022-04-23T00:00:00.000Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2022-05-10T19:30:12.000Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wpmet:metform_elementor_contact_form_builder:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "E11424B5-31BB-4901-B91C-AB4FDF13023E", "versionEndExcluding": "2.1.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the ~/core/forms/action.php file which can be exploited by an unauthenticated attacker to view all API keys and secrets of integrated third-party APIs like that of PayPal, Stripe, Mailchimp, Hubspot, HelpScout, reCAPTCHA and many more, in versions up to and including 2.1.3."}, {"lang": "es", "value": "El plugin Metform para WordPress es vulnerable a una divulgaci\u00f3n de informaci\u00f3n confidencial debido a un control de acceso inapropiado en el archivo ~/core/forms/action.php que puede ser aprovechado por un atacante no autenticado para visualizar todas las claves y secretos de las API de terceros integradas como la de PayPal, Stripe, Mailchimp, Hubspot, HelpScout, reCAPTCHA y muchas m\u00e1s, en versiones hasta la 2.1.3 incluy\u00e9ndola"}], "id": "CVE-2022-1442", "lastModified": "2025-05-05T17:17:34.507", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security@wordfence.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-05-10T20:15:08.473", "references": [{"source": "security@wordfence.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://gist.github.com/Xib3rR4dAr/6e6c6e5fa1f8818058c7f03de1eda6bf"}, {"source": "security@wordfence.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://plugins.trac.wordpress.org/changeset/2711944/metform/trunk/core/forms/action.php"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/04a46249-b5b2-4082-b520-cdc4a1370bb1?source=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://gist.github.com/Xib3rR4dAr/6e6c6e5fa1f8818058c7f03de1eda6bf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://plugins.trac.wordpress.org/changeset/2711944/metform/trunk/core/forms/action.php"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/04a46249-b5b2-4082-b520-cdc4a1370bb1?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-862"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}