CVE-2023-6325
RomethemeForm For Elementor <= 1.1.5 - Missing Authorization via export_entries, rtformnewform, and rtformupdate
| CVSS Score | 5.3 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
The RomethemeForm For Elementor plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the export_entries, rtformnewform, and rtformupdate functions in all versions up to, and including, 1.1.5. This makes it possible for unauthenticated attackers to export arbitrary form submissions, create new forms, or update any post title or certain metadata.
| CWE | CWE-862 |
| Vendor | rometheme |
| Product | rtmform builder |
| Published | May 23, 2024 |
| Last Updated | Apr 8, 2026 |
CVSS v3 Breakdown
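CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
| Attack Vector | Network (AV:N) |
| Attack Complexity | Low (AC:L) |
| Privileges Required | None (PR:N) |
| User Interaction | None (UI:N) |
| Scope | Unchanged (S:U) |
| Confidentiality | Low (C:L) |
| Integrity | None (I:N) |
| Availability | None (A:N) |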
Affected Versions
rometheme / RTMForm Builder
0 ≤ 1.1.5
References
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/81a293ea-abda-4c90-a109-791ca5ba89a4?source=cve
plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/romethemeform/tags/1.1.2/modules/form/form.php
plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset/3090708/romethemeform/trunk?contextall=1&old=3079080&old_path=%2Fromethemeform%2Ftrunk
Credits
Francesco Carlucci