Security for everyone

CVE-2022-1442 Scanner

Detects an 'Information Disclosure' vulnerability in the Metform plugin for WordPress, affecting versions up to and including 2.1.3.

Short Info

Level: High
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 sec
Scan only one: Domain, Ipv4
Toolbox: -

Metform is a widely used plugin for WordPress for creating contact forms and quizzes. It is a user-friendly tool that lets website owners easily create forms in minutes without any coding or technical knowledge. This plugin is integrated with various third-party APIs like PayPal, Stripe, Mailchimp, Hubspot, HelpScout, reCAPTCHA, and more.

However, a vulnerability has recently been discovered in the Metform plugin for WordPress. Tracked as CVE-2022-1442, it allows an unauthenticated attacker to view all API keys and secrets of the integrated third-party APIs. The exposure is due to improper access controls in the ~/core/forms/action.php file and is present in all versions up to and including 2.1.3.

The exploitation of this vulnerability can lead to a massive data breach, putting all sensitive information at risk of being leaked. Attackers can get their hands on payment transaction details, email lists, customer information, and other confidential data. This vulnerability gives attackers direct access to the keys, allowing them to perform malicious activities like initiating unauthorized transactions, phishing scams, and more.

The pro features of securityforeveryone.com platform offer an easy and quick solution to learn about vulnerabilities in digital assets. It provides a comprehensive report on vulnerabilities in digital assets, including the status, type, severity, and remediation steps. The platform offers a user-friendly interface and recommends actions to be taken to prevent vulnerabilities. Users can rely on the pro features of the securityforeveryone.com platform to ensure their digital assets are always secured and protected from any potential vulnerabilities.

 
