ThreatPress

WordPress Vulnerability Database

WordPress Elementor Contact Form DB plugin <= 1.5 - Cross-Site Request Forgery (CSRF) via backend admin pages vulnerability

Product
Elementor Contact Form DB
Description
A Cross-Site Request Forgery (CSRF) vulnerability affecting backend admin pages was found in the WordPress Elementor Contact Form DB plugin (versions <= 1.5).
Solution
Update the WordPress Elementor Contact Form DB plugin to the latest available version (at least 1.6).
Classification
Type: Cross Site Request Forgery (CSRF)
OWASP Top 10: A8: Cross Site Request Forgery (CSRF)
References
CVE
Plugin changelog
CVE
Name: CVE-2021-3133
Versions
Affected In: <= 1.5
Fixed In: 1.6
Disclosure date
2021-01-12