PatchSiren

WPMet CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

CRITICAL WPMet CVE published 2026-06-17

CVE-2026-24611

CVE-2026-24611 is a critical vulnerability in the MetForm Pro plugin for WordPress, affecting versions up to and including 3.9.1. The vulnerability is caused by unauthenticated broken access control, which could allow attackers to access sensitive information or perform unauthorized actions. With a CVSS score of 9.1, this vulnerability is considered critical and requires immediate attention. Users of the [truncated]

MEDIUM WPMet CVE published 2026-06-17

CVE-2026-24610

On June 17, 2026, a medium-severity vulnerability (CVSS score of 4.3) was disclosed in the MetForm Pro plugin, affecting versions up to 3.9.1. This vulnerability allows subscribers to bypass access controls, potentially leading to unauthorized actions. The issue was reported by Patchstack and is tracked as CVE-2026-24610. Users of the affected plugin should take immediate action to mitigate potential risk [truncated]

MEDIUM Wpmet CVE published 2026-06-16

CVE-2026-54197

CVE-2026-54197 is a MEDIUM severity vulnerability (CVSS score: 6.5) affecting GetGenie plugin versions <= 4.4.1. This vulnerability allows unauthenticated sensitive data exposure. The CVE was published and modified on 2026-06-16T10:16:28.607Z. The vendor and product information is currently unknown, but evidence suggests a connection to Patchstack. A mitigation or vendor reference is available [ref-4].

MEDIUM Wpmet CVE published 2026-05-27

CVE-2026-49053

CVE-2026-49053 is a Missing Authorization vulnerability in the ElementsKit Elementor addons Lite WordPress plugin, affecting versions up to and including 3.9.6. The vulnerability allows exploitation of incorrectly configured access control security levels, potentially enabling unauthorized access to functionality that should be restricted. The issue was published to the CVE List on May 27, 2026, and carri [truncated]

MEDIUM Wpmet CVE published 2026-05-27

CVE-2026-49052

A Missing Authorization vulnerability in the ElementsKit Elementor addons Lite WordPress plugin allows authenticated users with low privileges to exploit incorrectly configured access control security levels. The vulnerability affects versions up to and including 3.9.6. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N) indicates network attack vector, low attack complexity, low privileges required [truncated]