Unauthenticated Permalink Structure Update Vulnerability in Metform Elementor Contact Form Builder Plugin

Unauthenticated Permalink Structure Update Vulnerability in Metform Elementor Contact Form Builder Plugin

CVE-2023-1843 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to unauthorized permalink structure update due to a missing capability check on the permalink_setup function in versions up to, and including, 3.3.0. This makes it possible for unauthenticated attackers to change the permalink structure.

Learn more about our Wordpress Pen Testing.