WordPress Plugin Vulnerabilities

Void Contact Form 7 Widget For Elementor Page Builder < 2.4 - Missing Authorization

Description

The Void Contact Form 7 Widget For Elementor Page Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX functions in the /helper/helper.php file in versions up to, and including, 2.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to dismiss notices and retrieve contact form data.

Affects Plugins

Plugin icon
cf7-widget-elementor
Fixed in 2.4

References

CVE
CVE-2023-52214
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/93784c84-93b3-4f43-84a0-5aeed3ba9cfd

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Friday
Verified
No
WPVDB ID
8633e8b2-ccde-45c9-9079-bf6dafeebc49

Timeline

Publicly Published
2024-01-03 (about 2 years ago)
Added
2024-01-12 (about 2 years ago)
Last Updated
2024-01-22 (about 2 years ago)

Other

Published
Title
Published
2025-01-07
Title
1003 Mortgage Application <= 1.87 - Missing Authorization
Published
2026-01-25
Title
Share This Image < 2.10 - Missing Authorization
Published
2023-06-12
Title
WP Directory Kit < 1.2.4 - Missing Authorization for Plugin Settings Update
Published
2026-01-10
Title
Suggestion Toolkit <= 5.0 - Missing Authorization
Published
2026-02-19
Title
SmartFix < 1.2.4 - Missing Authorization