CVE-2022-23180

medium

Description

The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.7.4 doesn't have authorisation and nonce checks, which could allow any authenticated users, such as subscriber to update and change various settings

References

https://wpscan.com/vulnerability/da87358a-3a72-4cf7-a2af-a266dd9b4290/

https://plugins.trac.wordpress.org/changeset/2670484

Details

Source: Mitre, NVD

Published: 2024-01-16

Updated: 2025-06-16

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 4.3

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N