Cross-Site Request Forgery Vulnerability in Metform Elementor Contact Form Builder Plugin
CVE-2023-2517
5.4MEDIUM
Key Information:
- Vendor
Wordpress
- Vendor
- CVE Published:
- 12 July 2023
What is CVE-2023-2517?
The Metform Elementor Contact Form Builder plugin for WordPress contains a vulnerability that allows unauthenticated attackers to exploit Cross-Site Request Forgery due to improper nonce validation on the permalink_setup function. Attackers can manipulate a site's permalink structure by tricking an administrator into performing unintended actions. This vulnerability highlights the importance of correctly implementing nonce verification to enhance security against such attacks.
Affected Version(s)
Metform Elementor Contact Form Builder * <= 3.3.2