Wpvulndb WPVDB-ID:67BAC2D1-99E6-40A6-B627-B27AA6B42E24
Jun 22, 2023 - 12:00 a.m.

Metform Elementor Contact Form Builder < 3.3.3 - Cross-Site Request Forgery

2023-06-22 00:00:00
wpscan.com
metform
elementor
contact form builder
nonce validation
cross-site request forgery
vulnerability

EPSS: 0.001 (Low), percentile 39.1%

The plugin does not correctly validate nonces on the permalink_setup function. This can potentially enable the alteration of permalink structure via a forged request, if an administrator is tricked into clicking a deceptive link. Verification only takes place when a nonce is provided, leaving the plugin vulnerable to Cross-Site Request Forgery.
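
The check-only-if-present flaw described above, modelled in Python next to the corrected form. This is an added example, not the plugin's PHP code: the HMAC nonce scheme, the session id, the request dictionaries and every function name except the `permalink_setup` action are assumptions made for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"   # stand-in for the site's nonce salt
ACTION = "permalink_setup"            # action name taken from the advisory text


def make_nonce(session_id: str) -> str:
    """Token bound to one session and one action (simplified nonce model)."""
    msg = f"{session_id}|{ACTION}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:10]


def nonce_ok(nonce, session_id: str) -> bool:
    """False for a missing, non-string or mismatching nonce."""
    if not isinstance(nonce, str):
        return False
    return hmac.compare_digest(nonce.encode(), make_nonce(session_id).encode())


def permalink_setup_flawed(request: dict, session_id: str, site: dict) -> str:
    nonce = request.get("nonce")
    # Flaw: verification is skipped entirely when no nonce was sent.
    if nonce is not None and not nonce_ok(nonce, session_id):
        return "rejected"
    site["permalink_structure"] = request["structure"]
    return "changed"


def permalink_setup_fixed(request: dict, session_id: str, site: dict) -> str:
    # A missing nonce fails exactly like a wrong one.
    if not nonce_ok(request.get("nonce"), session_id):
        return "rejected"
    site["permalink_structure"] = request["structure"]
    return "changed"


def run_cases(handler) -> dict:
    """Outcome of three constructed requests made within an admin's session."""
    sid = "sess-admin"  # constructed session id
    cases = {
        "valid_nonce": {"structure": "/%postname%/", "nonce": make_nonce(sid)},
        "wrong_nonce": {"structure": "/%postname%/", "nonce": "not-a-real-nonce"},
        "no_nonce": {"structure": "/%postname%/"},
    }
    return {name: handler(req, sid, {"permalink_structure": ""})
            for name, req in cases.items()}
```

Both handlers reject a wrong nonce, so a test that only sends bad tokens passes on the flawed version; a regression test for this class of bug has to include the request with the nonce field omitted.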

CPE
Name: metform
Operator: lt
Version: 3.3.3
