WordPress Plugin Vulnerabilities
Elementor Contact Form DB < 1.6 - Plugin Settings Cross-Site Request Forgery
Description
The plugin lacked CSRF nonces, which could allow attackers to make logged in administrators perform unwanted actions, such as change the plugin's settings via a CSRF attack.
Affects Plugins
Fixed in version 1.6
References
Classification
Miscellaneous
Verified
No
Timeline
Publicly Published
2021-01-13 (about 2 years ago)
Added
2021-01-13 (about 2 years ago)
Last Updated
2021-01-15 (about 2 years ago)