CVE-2023-6325
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
The RomethemeForm For Elementor plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the export_entries, rtformnewform, and rtformupdate functions in all versions up to, and including, 1.1.5. This makes it possible for unauthenticated attackers to export arbitrary form submissions, create new forms, or update any post title or certain metadata.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| rometheme | RTMForm Builder | 0 <= 1.1.5 | affected |
Weaknesses
- CWE-862: CWE-862 Missing Authorization
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
CVE Program Container
Additional References
- https://www.wordfence.com/threat-intel/vulnerabilities/id/81a293ea-abda-4c90-a109-791ca5ba89a4?source=cve
- https://plugins.trac.wordpress.org/browser/romethemeform/tags/1.1.2/modules/form/form.php
- https://plugins.trac.wordpress.org/changeset/3090708/romethemeform/trunk?contextall=1&old=3079080&old_path=%2Fromethemeform%2Ftrunk
References
- https://www.wordfence.com/threat-intel/vulnerabilities/id/81a293ea-abda-4c90-a109-791ca5ba89a4?source=cve
- https://plugins.trac.wordpress.org/browser/romethemeform/tags/1.1.2/modules/form/form.php
- https://plugins.trac.wordpress.org/changeset/3090708/romethemeform/trunk?contextall=1&old=3079080&old_path=%2Fromethemeform%2Ftrunk
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.