cleantalk
Vulnerabilities and Security Researches

Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks, CVE-2023-0484

CVE, Research URL

CVE-2023-0484

Home page URL

Security reports for Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks

Application

Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks

Published on
Mar 27, 2023
Research Description
The Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks WordPress plugin before 1.1.6 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack
Affected versions
Min -, max 1.1.6.
Status
vulnerable
Previous vulnerability researches
Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks (CVE-2025-24726) , Jan 25, 2025
Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks (CVE-2025-7340) , Jul 18, 2025
Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks (CVE-2025-7341) , Jul 18, 2025
Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks (CVE-2025-7360) , Jul 18, 2025
Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks (CVE-2025-54015) , Jul 18, 2025
New vulnerability
Wallet System for WooCommerce – Digital Wallet, Cashback Rewards, Recharge User Wallets, View Transaction History (CVE-2025-54041) , Jul 19, 2025
Chatbox Manager (CVE-2025-48167) , Jul 19, 2025
Zuppler Online Ordering (CVE-2025-6053) , Jul 19, 2025
Counter live visitors for WooCommerce (CVE-2025-7359) , Jul 19, 2025
AntiSpam for Contact Form 7 (CVE-2025-54020) , Jul 19, 2025