CVE-2021-3133
MEDIUMElementor Contact Form DB < 1.6 - Cross-Site Request Forgery via Backend Admin Pages
Title source: llmDescription
The Elementor Contact Form DB plugin before 1.6 for WordPress allows CSRF via backend admin pages.
References (3)
Core 3
Core References
Patch, Third Party Advisory x_refsource_misc
https://plugins.trac.wordpress.org/changeset/2454670/
Product, Release Notes, Third Party Advisory x_refsource_misc
https://wordpress.org/plugins/sb-elementor-contact-form-db/#developers
Exploit, Third Party Advisory x_refsource_misc
https://advisory.checkmarx.net/advisory/CX-2020-4293
Scores
CVSS v3
6.5
EPSS
0.0090
EPSS Percentile
55.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Details
CWE
CWE-352
Status
published
Products (1)
sean-barton/elementor_contact_form_db
< 1.6
Published
Jan 12, 2021
Tracked Since
Feb 18, 2026