What is the vulnerability ID of this vulnerability?

The vulnerability ID is CVE-2023-0484.

What is the severity of CVE-2023-0484?

The severity of CVE-2023-0484 is medium with a CVSS score of 4.3.

Is there a fix available for CVE-2023-0484?

There is no information available regarding a fix for CVE-2023-0484 at the moment.

Vulnerability/
CVE-2023-0484

medium

4.3

CWE

352

27/3/2023

19/2/2025

CVE-2023-0484: Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks < 1.1.6 - Arbitrary Plugin Activation via CSRF

Q: What software is affected by CVE-2023-0484?

The Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks WordPress plugin before version 1.1.6 is affected.

Q: How does the vulnerability in the Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks plugin work?

The plugin does not have CSRF check when activating plugins, allowing attackers to make logged in admins activate arbitrary plugins via a CSRF attack.

First published: Mon Mar 27 2023(Updated: )

The Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks WordPress plugin before 1.1.6 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack

Credit: contact@wpscan.com

Affected Software	Affected Version	How to fix
Hasthemes Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks	<1.1.6

Never miss a vulnerability like this again

Reference Links

https://wpscan.com/vulnerability/e61fb245-0d7f-42b0-9b96-c17ade8c04c5

Frequently Asked Questions

What is the vulnerability ID of this vulnerability?
The vulnerability ID is CVE-2023-0484.
What is the severity of CVE-2023-0484?
The severity of CVE-2023-0484 is medium with a CVSS score of 4.3.
What software is affected by CVE-2023-0484?
The Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks WordPress plugin before version 1.1.6 is affected.
How does the vulnerability in the Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks plugin work?
The plugin does not have CSRF check when activating plugins, allowing attackers to make logged in admins activate arbitrary plugins via a CSRF attack.
Is there a fix available for CVE-2023-0484?
There is no information available regarding a fix for CVE-2023-0484 at the moment.

agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/title
agent/author
agent/severity
agent/references
agent/weakness
agent/description
agent/first-publish-date
agent/event
agent/last-modified-date
agent/source
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/nvd-index
vendor/hasthemes
canonical/hasthemes contact form 7 widget for elementor page builder & gutenberg blocks

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.