Medium severity5.4NVD Advisory· Published Jul 12, 2023· Updated Apr 8, 2026
CVE-2023-2517
CVE-2023-2517
Description
The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.3.2. This is due to missing or incorrect nonce validation on the permalink_setup function. This makes it possible for unauthenticated attackers to change the permalink structure via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. While nonce verification is implemented, verification only takes place when a nonce is provided.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- cpe:2.3:a:wpmet:metform_elementor_contact_form_builder:*:*:*:*:*:wordpress:*:*Range: <3.3.3
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.