PT-2023-17275 · WordPress · Metform Elementor Contact Form Builder
Marco Wotschka
·
Published
2023-06-09
·
Updated
2023-06-16
·
CVE-2023-1843
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
Metform Elementor Contact Form Builder plugin for WordPress versions up to, and including, 3.3.0
Description
The issue allows unauthorized updates to the permalink structure due to a missing capability check on the
permalink setup function. This enables unauthenticated attackers to change the permalink structure.Recommendations
For versions up to, and including, 3.3.0, update to a version higher than 3.3.0 to resolve the issue.
Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Metform Elementor Contact Form Builder