Lucene search

[email protected]NVD:CVE-2023-1843

HistoryJun 09, 2023 - 6:15 a.m.

CVE-2023-1843

2023-06-0906:15:58

[email protected]

web.nvd.nist.gov

metform elementor

wordpress

vulnerability

permalink structure

unauthorized access

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS

0.002

Percentile

51.6%

JSON

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to unauthorized permalink structure update due to a missing capability check on the permalink_setup function in versions up to, and including, 3.3.0. This makes it possible for unauthenticated attackers to change the permalink structure.

Affected configurations

Nvd

Node

wpmetmetform_elementor_contact_form_builderRange≤3.3.0wordpress

VendorProductVersionCPE
wpmetmetform_elementor_contact_form_builder*cpe:2.3:a:wpmet:metform_elementor_contact_form_builder:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
wpmet	metform_elementor_contact_form_builder	*	cpe:2.3:a:wpmet:metform_elementor_contact_form_builder::::::wordpress::*

References

plugins.trac.wordpress.org/browser/metform/trunk/plugin.php#L544

plugins.trac.wordpress.org/changeset/2907471/

www.wordfence.com/threat-intel/vulnerabilities/id/5db00eb6-3e05-42fa-bb84-2df4bcae3955?source=cve

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS

0.002

Percentile

51.6%

JSON

Related for NVD:CVE-2023-1843

cvelist1 prion1 cve1 openvas1 wpvulndb1 wordfence1