CVE-2023-0484

Name of the Vulnerable Software and Affected Versions Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks WordPress plugin versions prior to 1.1.6

Description The issue concerns a lack of CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a CSRF attack.

Recommendations For versions prior to 1.1.6, update to version 1.1.6 or later to resolve the issue. As a temporary workaround, consider restricting access to plugin activation features to minimize the risk of exploitation.