CVE-2023-25969
MediumCVSS 5.4Exploitation Probability (EPSS)
Low risk8th percentile — higher than 8% of all known CVEs
Summary
CVE-2023-25969 describes a missing authorization vulnerability in the ThemeHunk Contact Form & Lead Form Elementor Builder, allowing exploitation of incorrectly configured access control security levels.
Risk Assessment
Organizations may be exposed to unauthorized access to user data and the potential manipulation of contact forms.
Recommendation
It is recommended to update the plugin to the latest version and review access control configurations to ensure adequate protection.
Original NVD description (English source)
Missing Authorization vulnerability in ThemeHunk Contact Form & Lead Form Elementor Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contact Form & Lead Form Elementor Builder: from n/a through 1.8.4.

