MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor Vulnerability – Unauthenticated Double-Extension Arbitrary File Upload – CVE-2023-0714 | WordPress Plugin Vulnerability Report

Plugin Name: MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor

Key Information:

  • Software Type: Plugin
  • Software Slug: metform
  • Software Status: Active
  • Software Author: xpeedstudio
  • Software Downloads: 3,995,704
  • Active Installs: 400,000
  • Last Updated: August 19, 2024
  • Patched Versions: 3.3.0
  • Affected Versions: <= 3.2.4

Vulnerability Details:

  • Name: Metform Elementor Contact Form Builder <= 3.2.4
  • CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE: CVE-2023-0714
  • CVSS Score: 8.1
  • Publicly Published: August 16, 2024
  • Researcher: Ram - Wordfence
  • Description: The Metform Elementor Contact Form Builder for WordPress is vulnerable to Arbitrary File Upload due to insufficient file type validation in versions up to, and including, 3.2.4. This flaw allows unauthenticated visitors to perform a "double extension" attack, where they upload files containing a malicious extension that ends with a benign extension, which could lead to remote code execution in certain configurations.

Summary:

The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress has a vulnerability in versions up to and including 3.2.4 that allows unauthenticated users to upload files with a malicious extension masked by a benign extension. This vulnerability could enable remote code execution under certain configurations. This vulnerability has been patched in version 3.3.0.

Detailed Overview:

The MetForm Elementor Contact Form Builder plugin has been found to have a significant security flaw, categorized as an Unauthenticated Double-Extension Arbitrary File Upload vulnerability. This issue, discovered by researcher Ram from Wordfence, arises due to insufficient validation of file types during the upload process. Specifically, attackers can exploit this flaw by using a "double extension" tactic, where a file that appears to have a safe extension (such as .jpg) actually contains a malicious extension (like .php) that could allow for remote code execution on the server, depending on how the site is configured.
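The overview above describes the flaw as insufficient file type validation that lets a "double extension" name through. The following added example (written for this page, not code from MetForm or Wordfence) puts a last-extension-only check beside a fail-closed check so the difference is visible on sample names. The allow list, the executable-extension handling and the random storage name are assumptions of the example, not the plugin's policy. The reason a name such as shell.php.jpg matters is that Apache configurations which map .php through AddHandler consider every extension in a file name, so the file can still be executed as PHP even though the last extension looks like an image.

```python
"""Added example (not MetForm's code): why validating only the last extension
lets double-extension uploads through, and a fail-closed alternative."""
from __future__ import annotations

import os
import re
import secrets

# Assumed policy for this demo, not taken from the plugin: what an image/document
# form field may accept. Everything else is rejected.
ALLOWED_UPLOAD_EXTENSIONS = frozenset({"jpg", "jpeg", "png", "gif", "pdf"})

# The stem may contain only these characters; a dot inside the stem is the
# double-extension tell, so the pattern deliberately excludes it.
SAFE_STEM = re.compile(r"[A-Za-z0-9_-]{1,100}")


def _basename(filename: str) -> str:
    # Strip any directory component the client sent (both separator styles).
    return os.path.basename(filename.replace("\\", "/"))


def weak_is_allowed(filename: str) -> bool:
    """Last-extension check of the kind the advisory calls insufficient.
    'shell.php.jpg' passes because only 'jpg' is inspected."""
    name = _basename(filename)
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    return ext in ALLOWED_UPLOAD_EXTENSIONS


def hardened_is_allowed(filename: str) -> bool:
    """Fail-closed check: exactly one extension, from the allow list, behind a
    stem made only of safe characters. Rejects shell.php.jpg, file.jpg.php,
    .htaccess, and names with no extension at all."""
    name = _basename(filename)
    stem, dot, ext = name.rpartition(".")
    if not dot or not SAFE_STEM.fullmatch(stem):
        return False
    return ext.lower() in ALLOWED_UPLOAD_EXTENSIONS


def storage_name(filename: str) -> str:
    """Name to store the file under: validate, then discard the client's stem
    entirely so nothing attacker-chosen reaches the filesystem."""
    if not hardened_is_allowed(filename):
        raise ValueError(f"rejected upload name: {filename!r}")
    ext = _basename(filename).rpartition(".")[2].lower()
    return f"{secrets.token_hex(8)}.{ext}"


def classify(filenames):
    """Side-by-side verdicts (weak, hardened) for a list of names."""
    return {n: (weak_is_allowed(n), hardened_is_allowed(n)) for n in filenames}


if __name__ == "__main__":
    # Constructed sample names covering the cases discussed in the advisory.
    samples = ["photo.jpg", "shell.php.jpg", "file.jpg.php", "SHELL.PHP.JPG",
               ".htaccess", "notes", "../../evil.php.jpg"]
    for name, (weak, hard) in classify(samples).items():
        print(f"{name:20} weak={weak!s:5} hardened={hard}")
```

Note that file.jpg.php is refused by both checks, so the weak check is not wrong so much as incomplete: it only looks at the final extension and has no opinion about what precedes it. The hardened version also refuses dotfiles and extension-less names, and the stored name never reuses the client's stem, which removes the naming question from the server's execution rules entirely.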

This vulnerability is particularly dangerous because it requires no authentication, meaning any visitor to the site could potentially exploit it. The CVSS score of 8.1 reflects the high impact this vulnerability could have, particularly in cases where the server configuration makes remote code execution possible. To mitigate this risk, it is crucial for all users of the MetForm plugin to update to the latest version, 3.3.0, where the issue has been resolved.

Advice for Users:

  • Immediate Action: Users should update their MetForm plugin to version 3.3.0 or later as soon as possible to protect their site from the risk of arbitrary file uploads and potential remote code execution.
  • Check for Signs of Vulnerability: Review your site's file system for any suspicious files, particularly those with double extensions (e.g., file.jpg.php), and monitor your server logs for unusual activity that could indicate an attempted exploitation.
  • Alternate Plugins: While a patch is available, users may consider alternative form-building plugins if they are concerned about the history of security issues or need additional features.
  • Stay Updated: Regularly updating all plugins and your WordPress core is essential to prevent vulnerabilities from being exploited. Enable automatic updates where possible to ensure your site remains secure.

Conclusion:

The quick response from the developers of the MetForm plugin to address this vulnerability highlights the importance of timely updates. Ensuring that your WordPress site is running version 3.3.0 or later is critical to maintaining its security. Regular maintenance and staying informed about potential vulnerabilities are essential practices for safeguarding your website.

Detailed Report:

In the fast-paced world of managing a website, particularly for small business owners, it’s easy for tasks like updating plugins to fall through the cracks. However, neglecting these updates can leave your website exposed to serious security threats. A recent vulnerability discovered in the MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin serves as a stark reminder of the importance of keeping your site up to date.

This vulnerability, identified as an unauthenticated double-extension arbitrary file upload (CVE-2023-0714), allows attackers to upload files with malicious extensions disguised by a benign extension. This could lead to remote code execution on your server, depending on how your site is configured, potentially giving attackers full control over your site. With over 400,000 active installs, the risk is significant, and if your site is using a version of MetForm up to and including 3.2.4, you could be vulnerable.

If you’re concerned about your website’s security, or if you’re unsure whether your site has been affected by this or any other vulnerabilities, we’re here to help. In this post, we’ll provide a detailed overview of the MetForm vulnerability, explain the risks it poses, and guide you on how to protect your website. Don’t wait until it’s too late—take steps today to secure your website and ensure it remains a safe and reliable tool for your business.

Risks and Potential Impacts of the Vulnerability:

This vulnerability poses a significant risk because it allows attackers to upload potentially harmful files to your website without needing to log in. By using a "double extension" tactic, an attacker could disguise a malicious file as something innocuous, such as an image, but actually execute code on your server. Depending on your server configuration, this could lead to a full site takeover, data theft, or other malicious activities.

The high CVSS score of 8.1 reflects the severe impact this vulnerability could have if exploited. Given that this attack requires no authentication, any visitor to your site could potentially upload malicious files, making it a critical issue to address.

How to Remediate the Vulnerability:

  • Immediate Action: Update your MetForm plugin to version 3.3.0 or later. This version includes the necessary patches to prevent the exploitation of this vulnerability. Updating your plugin as soon as possible is crucial to protect your website from potential attacks.
  • Check for Signs of Vulnerability: Review your website’s file system for any unusual files, particularly those with double extensions like "file.jpg.php". Also, monitor your server logs for any suspicious activity that could indicate an attempted exploitation.
  • Consider Alternate Plugins: While the patch provided in version 3.3.0 addresses the issue, some users might want to explore alternative form-building plugins, especially if they are concerned about the plugin’s history of vulnerabilities or are looking for additional features.
  • Stay Updated: Regularly updating all your plugins, including the WordPress core, is vital to prevent vulnerabilities from being exploited. Enabling automatic updates can help ensure your site remains secure without requiring constant manual intervention.
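Both the "Check for Signs of Vulnerability" item under Advice for Users and the one in the remediation list above say to look through the file system for double-extension names and through server logs for signs of attempted exploitation. The following added example (written for this page, not tooling from the plugin or its researchers) does both on constructed data: it walks an uploads tree for any file whose name carries a server-executable extension anywhere, in the order file.jpg.php or file.php.jpg alike, and parses Apache-style access log lines for requests that reached such a file under the WordPress uploads directory. The executable-extension list, the sample files, the log lines and the /wp-content/uploads/ prefix are assumptions of the example; the addresses are RFC 5737 documentation ranges.

```python
"""Added example (not part of the report): hunt for double-extension files in
the WordPress uploads tree and for requests that reached such files, using
constructed sample data so it runs offline."""
from __future__ import annotations

import re
import tempfile
from pathlib import Path

# Assumed list of extensions a web server may hand to an interpreter; extend it
# for your stack. Not taken from the plugin.
EXECUTABLE_EXTENSIONS = frozenset(
    {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "cgi", "pl", "sh"}
)

# Constructed Apache-style access log lines (RFC 5737 documentation addresses).
SAMPLE_ACCESS_LOG = [
    '198.51.100.23 - - [19/Aug/2024:10:00:41 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 128 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [19/Aug/2024:10:00:52 +0000] "GET /wp-content/uploads/2024/08/photo.jpg HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [19/Aug/2024:10:01:09 +0000] "GET /wp-content/uploads/2024/08/avatar.jpg.php HTTP/1.1" 200 83 "-" "curl/8.0"',
    '203.0.113.7 - - [19/Aug/2024:10:01:15 +0000] "GET /wp-content/uploads/2024/08/backup.php HTTP/1.1" 404 196 "-" "curl/8.0"',
    "garbage line that does not parse",
]

ACCESS_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def executable_parts(name: str) -> list[str]:
    """Every executable extension anywhere after the first dot, so file.jpg.php
    and file.php.jpg are both caught."""
    return [p for p in name.lower().split(".")[1:] if p in EXECUTABLE_EXTENSIONS]


def scan_uploads(root: Path) -> list[str]:
    """Relative paths under the uploads tree carrying an executable extension.
    Uploads should hold no server-side scripts at all, so a plain .php is
    reported as well as a double-extension name."""
    hits = [
        p.relative_to(root).as_posix()
        for p in root.rglob("*")
        if p.is_file() and executable_parts(p.name)
    ]
    return sorted(hits)


def suspicious_requests(lines, uploads_prefix: str = "/wp-content/uploads/"):
    """(ip, path, status) for requests that fetched a script-like name under
    uploads. A 200 means the server answered the request; a 404 still shows
    that someone was probing for such a file."""
    findings = []
    for line in lines:
        m = ACCESS_LINE.match(line)
        if not m:
            continue  # unparseable line: skip rather than crash the sweep
        path = m.group("path").split("?", 1)[0]
        if path.startswith(uploads_prefix) and executable_parts(path.rsplit("/", 1)[-1]):
            findings.append((m.group("ip"), path, int(m.group("status"))))
    return findings


def demo_scan() -> list[str]:
    """Populate a temporary, constructed uploads tree and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel in ("2024/08/photo.jpg", "2024/08/report.pdf", "2024/08/avatar.jpg.php",
                    "2024/08/invoice.php.jpg", "2024/08/notes.txt"):
            target = root / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(b"constructed sample content")
        return scan_uploads(root)


if __name__ == "__main__":
    print("files:", demo_scan())
    print("requests:", suspicious_requests(SAMPLE_ACCESS_LOG))
    # Against a real site (path assumed): scan_uploads(Path("/var/www/html/wp-content/uploads"))
```

A file scan only finds what is still on disk, so the log check is the part that can show a successful fetch of a script-like name that has since been removed. Either finding is a reason to treat the host as possibly compromised and to check that the plugin is at 3.3.0 or later, not merely to delete the file.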

Overview of Previous Vulnerabilities:

It’s important to note that the MetForm plugin has had 22 previous vulnerabilities since April 23, 2022. While the developers have been proactive in releasing patches to address these issues, the recurring nature of vulnerabilities emphasizes the need for regular updates and vigilance. By staying informed and taking immediate action when vulnerabilities are disclosed, you can significantly reduce the risk of your website being compromised.

Conclusion:

The discovery of this vulnerability in the MetForm plugin is a critical reminder of the importance of staying on top of security updates. For small business owners who may not have the time to manage these updates, it’s essential to consider tools or services that can automate the process and ensure your site remains secure. Regular maintenance, timely updates, and a proactive approach to website security are crucial in protecting your business’s online presence from potential threats.

Staying Secure

Staying on top of WordPress security can feel overwhelming for small business owners without dedicated IT staff. At Your WP Guy, we exist to shoulder that burden for you. Our WordPress experts can fully audit, secure, maintain and support your site - so you can focus on growing your business with peace of mind.

Don't tackle security risks alone. Let us help you assess any impact from this vulnerability, update your plugins, and implement ongoing maintenance to avoid future threats. We treat your website like it's our own - because we know how critical it is for reaching your customers.

Get in touch for a free consultation today on making WordPress security stress-free. Call 678-995-5169 or book a call here. Our knowledgeable team is ready to help you safeguard your online presence.
