Lucene search
HistoryJan 16, 2024 - 4:15 p.m.
CVE-2022-23180
wordpress
plugin
vulnerability
authentication
settings
update
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
AI Score
4.6
Confidence
High
EPSS
0
Percentile
14.0%
The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.7.4 doesn’t have authorisation and nonce checks, which could allow any authenticated users, such as subscriber to update and change various settings
Affected configurations
Node
themehunkcontact_form_\&_lead_form_elementor_builderRange<1.7.4wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| themehunk | contact_form_\&_lead_form_elementor_builder | * | cpe:2.3:a:themehunk:contact_form_\&_lead_form_elementor_builder:*:*:*:*:*:wordpress:*:* |
Related
cve
cve
CVE-2022-23180
2024-01-16 16:15:09
patchstack
patchstack
cvelist
cvelist
wpexploit
wpexploit
prion
prion
Command injection
2024-01-16 16:15:00
wpvulndb
wpvulndb
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
AI Score
4.6
Confidence
High
EPSS
0
Percentile
14.0%
Related for NVD:CVE-2022-23180