CVE-2022-23180
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Summary
The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.7.4 doesn't have authorisation and nonce checks, which could allow any authenticated users, such as subscriber to update and change various settings
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Unknown | Contact Form & Lead Form Elementor Builder | 0 < 1.7.4 | affected |
Weaknesses
- CWE-862 Missing Authorization
ADP Enrichment
CVE Program Container
Additional References
- https://wpscan.com/vulnerability/da87358a-3a72-4cf7-a2af-a266dd9b4290/
- https://plugins.trac.wordpress.org/changeset/2670484
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
References
- https://wpscan.com/vulnerability/da87358a-3a72-4cf7-a2af-a266dd9b4290/
- https://plugins.trac.wordpress.org/changeset/2670484
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.