Vulnerability CVE-2023-6325
Published: 2024-05-23

Description:
The RomethemeForm For Elementor plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the export_entries, rtformnewform, and rtformupdate functions in all versions up to, and including, 1.1.5. This makes it possible for unauthenticated attackers to export arbitrary form submissions, create new forms, or update any post title or certain metadata.

 References:
https://www.wordfence.com/threat-intel/vulnerabilities/id/81a293ea-abda-4c90-a109-791ca5ba89a4?source=cve
https://plugins.trac.wordpress.org/browser/romethemeform/tags/1.1.2/modules/form/form.php
https://plugins.trac.wordpress.org/changeset/3090708/romethemeform/trunk?contextall=1&old=3079080&old_path=%2Fromethemeform%2Ftrunk
Copyright 2024, cxsecurity.com

 

Back to Top