GobyVuls/CVE-2022-1442.md

## WordPress plugin Metform forms Information Disclosure (CVE-2022-1442)

|   **Vulnerability**  | **WordPress plugin Metform forms Information Disclosure (CVE-2022-1442)**  |
| :----:   | :-----|
|  **Chinese name**  | WordPress Metform 插件 forms 文件信息泄露漏洞（CVE-2022-1442） |
| **CVSS core**  | 7.5 |
| **FOFA Query**  (click to view the results directly)| [body=\"wp-content/plugins/metform/\"](https://en.fofa.info/result?qbase64=Ym9keT0id3AtY29udGVudC9wbHVnaW5zL21ldGZvcm0vIg%3D%3D) |
| **Number of assets affected**  | 13517 |
| **Description**  | WordPress plugin Metform is a secure contact form plugin for WordPress. There is a security vulnerability in the WordPress plugin Metform. The vulnerability is caused by improper access control in the ~/core/forms/action.php file, and attackers can obtain various key information of users. |
| **Impact** | There is a security vulnerability in the WordPress plugin Metform. The vulnerability is caused by improper access control in the ~/core/forms/action.php file, and attackers can obtain various key information of users. |

![](https://s3.bmp.ovh/imgs/2023/04/12/d33ddd786b414472.gif)