CVE-2023-6325

MEDIUM

RomethemeForm For Elementor <1.1.5 - Info Disclosure

Title source: llm
STIX 2.1

Description

The RomethemeForm For Elementor plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the export_entries, rtformnewform, and rtformupdate functions in all versions up to, and including, 1.1.5. This makes it possible for unauthenticated attackers to export arbitrary form submissions, create new forms, or update any post title or certain metadata.

Scores

CVSS v3 5.3
EPSS 0.0038
EPSS Percentile 29.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-862
Status published
Products (2)
rometheme/RomethemeForm For Elementor < 1.1.5
rometheme/RTMForm Builder < 1.1.5
Published May 23, 2024
Tracked Since Feb 18, 2026