CVE-2022-23180 Information

Description

The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.7.4 doesn’t have authorisation and nonce checks which could allow any authenticated users such as subscriber to update and change various settings

Reference

https://wpscan.com/vulnerability/da87358a-3a72-4cf7-a2af-a266dd9b4290/ https://plugins.trac.wordpress.org/changeset/2670484