CVE-2022-23180

Published: Jan 16, 2024Modified: Jun 16, 2025

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.7.4 doesn't have authorisation and nonce checks, which could allow any authenticated users, such as subscriber to update and change various settings

Affected (1)

Products: Themehunk: Contact Form & Lead Form Elementor Builder

Themehunk

1 product

Contact Form & Lead Form Elementor Builder

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Themehunk Contact Form & Lead Form Elementor Builder	Before 1.7.4

Related CWEs

CWE-862

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (4)

https://plugins.trac.wordpress.org/changeset/2670484

Source: contact@wpscan.com

Patch

https://wpscan.com/vulnerability/da87358a-3a72-4cf7-a2af-a266dd9b4290/

Source: contact@wpscan.com

ExploitThird Party Advisory

https://plugins.trac.wordpress.org/changeset/2670484

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://wpscan.com/vulnerability/da87358a-3a72-4cf7-a2af-a266dd9b4290/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.