CVE-2023-25969
Status: Received - Intake
Missing Authorization in ThemeHunk Contact Form & Lead Form Elementor Builder

Publication date: 2026-06-11

Last updated on: 2026-06-11

Assigner: Patchstack

Description
Missing Authorization vulnerability in ThemeHunk Contact Form & Lead Form Elementor Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contact Form & Lead Form Elementor Builder: from n/a through 1.8.4.
Meta Information
Published: 2026-06-11
Last Modified: 2026-06-11
Generated: 2026-06-11
AI Q&A: 2026-06-11
EPSS Evaluated: N/A
Affected Vendors & Products
Vendor: themehunk
Product: contact_form_lead_form_elementor_builder
Version / Range: to 1.8.4 (inc)
CWE ID: CWE-862
Description: The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Executive Summary

The vulnerability in the WordPress plugin "Contact Form & Lead Form Elementor Builder" (version 1.8.4 or lower) is a Missing Authorization issue, also known as Broken Access Control. It allows unauthorized users to perform privileged actions by exploiting incorrectly configured access control security levels.

Exploitation requires user interaction, such as clicking a malicious link or submitting a form.

This vulnerability is classified under the OWASP Top 10 category for Broken Access Control.

Impact Analysis

This vulnerability can allow unauthorized users to perform actions that should be restricted, potentially leading to unauthorized changes or operations within the plugin.

The impact is considered low severity with a CVSS score of 5.4, but it can still lead to integrity and availability issues.

Exploitation requires user interaction, so attackers may trick users into clicking malicious links or submitting crafted forms.

Detection Guidance

This vulnerability involves Broken Access Control in the Contact Form & Lead Form Elementor Builder plugin, which can be exploited by unauthorized users performing privileged actions through user interaction such as clicking malicious links or submitting forms.

Detection on your network or system would involve monitoring for unusual or unauthorized privileged actions related to the plugin, especially those triggered by user interactions.

Specific commands or detection scripts are not provided in the available resources.

Mitigation Strategies

The immediate recommended step is to update the Contact Form & Lead Form Elementor Builder plugin to version 1.8.5 or later, where the vulnerability has been patched.

Until the plugin is updated, apply the mitigation rule provided by Patchstack to block attacks targeting this vulnerability.

Compliance Impact

The provided information does not specify how the Missing Authorization vulnerability in the Contact Form & Lead Form Elementor Builder plugin affects compliance with common standards and regulations such as GDPR or HIPAA.
