Unauthenticated User Access and Settings Modification Vulnerability in Contact Form & Lead Form Elementor Builder WordPress Plugin

Unauthenticated User Access and Settings Modification Vulnerability in Contact Form & Lead Form Elementor Builder WordPress Plugin

CVE-2022-23180 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.7.4 doesn't have authorisation and nonce checks, which could allow any authenticated users, such as subscriber to update and change various settings

Learn more about our Wordpress Pen Testing.