WordPress Plugin Vulnerabilities
Elementor Contact Form DB < 1.6 - Plugin Settings Cross-Site Request Forgery
Description
The plugin lacked CSRF nonces, which could allow attackers to make logged in administrators perform unwanted actions, such as change the plugin's settings via a CSRF attack.
Affects Plugins
References
Classification
Type
CSRF
OWASP top 10
CWE
CVSS
Miscellaneous
Verified
No
WPVDB ID
Timeline
Publicly Published
2021-01-13 (about 3 years ago)
Added
2021-01-13 (about 3 years ago)
Last Updated
2021-01-15 (about 3 years ago)