CVE-2026-25320
Awaiting Analysis Awaiting Analysis - Queue
Missing Authorization in Elementor Contact Form DB Plugin

Publication date: 2026-02-19

Last updated on: 2026-02-19

Assigner: Patchstack

Description
Missing Authorization vulnerability in Cool Plugins Elementor Contact Form DB sb-elementor-contact-form-db allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elementor Contact Form DB: from n/a through <= 2.1.3.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-19
Last Modified
2026-02-19
Generated
2026-05-07
AI Q&A
2026-02-19
EPSS Evaluated
2026-05-05
NVD
CVE-2026-25320
EUVD
EUVD-2026-8217
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
cool_plugins elementor_contact_form_db to 2.1.3 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-25320 is a broken access control vulnerability in the WordPress Elementor Contact Form DB Plugin versions up to and including 2.1.3.

This issue arises from missing authorization, authentication, or nonce token checks in certain functions, allowing unauthenticated users to perform actions that require higher privileges.

It is classified under the OWASP Top 10 category A1: Broken Access Control.


How can this vulnerability impact me? :

This vulnerability allows unauthenticated users to perform actions that should require higher privileges due to missing authorization checks.

However, the impact is considered low severity with a CVSS score of 5.3, and it is unlikely to be exploited with significant impact.

Users are advised to update to version 2.1.4 or later of the plugin to mitigate this risk.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

[{'type': 'paragraph', 'content': 'This vulnerability arises from missing authorization, authentication, or nonce token checks in certain functions of the Elementor Contact Form DB Plugin up to version 2.1.3. Detection would involve verifying the plugin version installed on your WordPress system.'}, {'type': 'paragraph', 'content': 'There are no specific network or system commands provided in the available resources to detect exploitation attempts or presence of this vulnerability.'}, {'type': 'paragraph', 'content': 'A practical approach is to check the plugin version via WordPress CLI or by inspecting the plugin files.'}, {'type': 'list_item', 'content': 'Using WP-CLI to check plugin version: wp plugin list | grep sb-elementor-contact-form-db'}, {'type': 'list_item', 'content': "Manually check the plugin version in the plugin's main PHP file or via the WordPress admin dashboard."}] [1]


What immediate steps should I take to mitigate this vulnerability?

The primary mitigation step is to update the Elementor Contact Form DB Plugin to version 2.1.4 or later, where this vulnerability is patched.

Users are advised to apply the update as soon as possible to prevent unauthorized access due to broken access control.

Additionally, enabling auto-update options for the plugin can help ensure timely application of future security patches.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart