PatchSiren cyber security CVE debrief
CVE-2023-25969 ThemeHunk CVE debrief
CVE-2023-25969 is a Missing Authorization vulnerability in the Contact Form & Lead Form Elementor Builder plugin. This issue, with a CVSS score of 5.4 and MEDIUM severity, allows Exploiting Incorrectly Configured Access Control Security Levels. The vulnerability affects the plugin versions from n/a through 1.8.4.
- Vendor
- ThemeHunk
- Product
- Contact Form & Lead Form Elementor Builder
- CVSS
- MEDIUM 5.4
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-11
- Original CVE updated
- 2026-06-11
- Advisory published
- 2026-06-11
- Advisory updated
- 2026-06-11
Who should care
Users of Contact Form & Lead Form Elementor Builder plugin versions from n/a through 1.8.4 should be aware of this vulnerability and take necessary actions to mitigate the risk.
Technical summary
The CVE-2023-25969 vulnerability has a CVSS vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L and is classified under CWE-862. The vulnerability was published on [cvePublishedAt] and last modified on [cveModifiedAt].
Defensive priority
MEDIUM
Recommended defensive actions
- Update Contact Form & Lead Form Elementor Builder to a version beyond 1.8.4.
- Review and adjust access control configurations to ensure proper authorization levels.
Evidence notes
Evidence for this CVE comes from the NVD and Patchstack.
Official resources
-
CVE-2023-25969 CVE record
CVE.org
-
CVE-2023-25969 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
CVE-2023-25969 was published on 2026-06-11T12:16:29.740Z and last modified on 2026-06-11T14:42:47.007Z.