← Back to CVE List

CVE-2023-2517

Published: 2023-07-12T05:15Z
Last Modified: 2024-11-21T07:58Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.3.2. This is due to missing or incorrect nonce validation on the permalink_setup function. This makes it possible for unauthenticated attackers to change the permalink structure via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. While nonce verification is implemented, verification only takes place when a nonce is provided. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt