Cross-Site Request Forgery Vulnerability in Metform Elementor Contact Form Builder Plugin
CVE-2023-2517

5.4MEDIUM

What is CVE-2023-2517?

The Metform Elementor Contact Form Builder plugin for WordPress contains a vulnerability that allows unauthenticated attackers to exploit Cross-Site Request Forgery due to improper nonce validation on the permalink_setup function. Attackers can manipulate a site's permalink structure by tricking an administrator into performing unintended actions. This vulnerability highlights the importance of correctly implementing nonce verification to enhance security against such attacks.

Affected Version(s)

Metform Elementor Contact Form Builder * <= 3.3.2

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Marco Wotschka
.
The Cyber Security Vulnerability Database.