CVE-2021-3133

MEDIUM

Elementor Contact Form DB < 1.6 - Cross-Site Request Forgery via Backend Admin Pages


Description

The Elementor Contact Form DB plugin before 1.6 for WordPress allows CSRF via backend admin pages.

References (3)

Core References
Patch, Third Party Advisory x_refsource_misc
https://plugins.trac.wordpress.org/changeset/2454670/
Product, Release Notes, Third Party Advisory x_refsource_misc
https://wordpress.org/plugins/sb-elementor-contact-form-db/#developers
Exploit, Third Party Advisory x_refsource_misc
https://advisory.checkmarx.net/advisory/CX-2020-4293

Scores

CVSS v3 6.5
EPSS 0.0090
EPSS Percentile 55.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Details

CWE
CWE-352
Status published
Products (1)
sean-barton/elementor_contact_form_db < 1.6
Published Jan 12, 2021
Tracked Since Feb 18, 2026