CVE Catalog

CVE-2023-25969

MediumCVSS 5.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.03%

8th percentile — higher than 8% of all known CVEs

Summary

CVE-2023-25969 describes a missing authorization vulnerability in the ThemeHunk Contact Form & Lead Form Elementor Builder, allowing exploitation of incorrectly configured access control security levels.

Risk Assessment

Organizations may be exposed to unauthorized access to user data and the potential manipulation of contact forms.

Recommendation

It is recommended to update the plugin to the latest version and review access control configurations to ensure adequate protection.

Original NVD description (English source)

Missing Authorization vulnerability in ThemeHunk Contact Form & Lead Form Elementor Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contact Form & Lead Form Elementor Builder: from n/a through 1.8.4.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS