The Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks WordPress plugin prior to 1.1.6 does not have CSRF check when activating plugins, which could allow malicious users to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
hasthemes contact form 7 widget for elementor page builder & gutenberg blocks |