Unrated severityNVD Advisory· Published Jan 16, 2024· Updated Jun 16, 2025
Contact Form & Lead Form Elementor Builder Plugin < 1.7.4 - Multiple Subscriber+ Settings Update
CVE-2022-23180
Description
The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.7.4 doesn't have authorisation and nonce checks, which could allow any authenticated users, such as subscriber to update and change various settings
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <1.7.4
Patches
Vulnerability mechanics
References
2- plugins.trac.wordpress.org/changeset/2670484mitrepatch
- wpscan.com/vulnerability/da87358a-3a72-4cf7-a2af-a266dd9b4290/mitreexploitvdb-entrytechnical-description
News mentions
0No linked articles in our index yet.