CVE-2023-6325

Name of the Vulnerable Software and Affected Versions RomethemeForm For Elementor plugin for WordPress versions up to, and including, 1.1.5

Description The issue allows unauthorized access and modification of data due to a missing capability check on the export entries, rtformnewform, and rtformupdate functions. This enables unauthenticated attackers to export arbitrary form submissions, create new forms, or update any post title or certain metadata.

Recommendations For versions up to, and including, 1.1.5, update to a version higher than 1.1.5 to resolve the issue. As a temporary workaround, consider disabling the export entries, rtformnewform, and rtformupdate functions until a patch is available.