CVE-2022-23180

Summary

The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.7.4 doesn't have authorisation and nonce checks, which could allow any authenticated users, such as subscriber to update and change various settings

Affected Software

VendorProductVersion RangeStatus
UnknownContact Form & Lead Form Elementor Builder0 < 1.7.4affected

Weaknesses

  • CWE-862 Missing Authorization

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References