CVE-2021-3133 - OpenCVE

The Elementor Contact Form DB plugin before 1.6 for WordPress allows CSRF via backend admin pages.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Sean-barton	Elementor Contact Form Db

Configuration 1 [-]

cpe:2.3:a:sean-barton:elementor_contact_form_db:*:*:*:*:*:wordpress:*:*

References

Link	Resource
https://advisory.checkmarx.net/advisory/CX-2020-4293	Exploit Third Party Advisory
https://plugins.trac.wordpress.org/changeset/2454670/	Patch Third Party Advisory
https://wordpress.org/plugins/sb-elementor-contact-form-db/#developers	Product Release Notes Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2021-01-12T18:57:19

Updated: 2021-03-31T20:18:12

Reserved: 2021-01-12T00:00:00

Link: CVE-2021-3133

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-01-12T19:15:13.070

Modified: 2022-05-16T20:45:52.480

Link: CVE-2021-3133

JSON object: View

Redhat Information

No data.

CWE

CWE-352

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sean-barton:elementor_contact_form_db:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "80E4A166-CD31-4CB4-88F6-29A3E9EDBC67", "versionEndExcluding": "1.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Elementor Contact Form DB plugin before 1.6 for WordPress allows CSRF via backend admin pages."}, {"lang": "es", "value": "El plugin Elementor Contact Form DB versiones anteriores a 1.6 para WordPress, permite un ataque de tipo CSRF por medio de las p\u00e1ginas de administraci\u00f3n del backend"}], "id": "CVE-2021-3133", "lastModified": "2022-05-16T20:45:52.480", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-01-12T19:15:13.070", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://advisory.checkmarx.net/advisory/CX-2020-4293"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://plugins.trac.wordpress.org/changeset/2454670/"}, {"source": "cve@mitre.org", "tags": ["Product", "Release Notes", "Third Party Advisory"], "url": "https://wordpress.org/plugins/sb-elementor-contact-form-db/#developers"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}