Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities found for RTMForm Builder by rometheme
CVE-2023-6325 (GCVE-0-2023-6325)
Vulnerability from nvd – Published: 2024-05-23 04:30 – Updated: 2026-04-08 17:03
VLAI?
Title
RomethemeForm For Elementor <= 1.1.5 - Missing Authorization via export_entries, rtformnewform, and rtformupdate
Summary
The RomethemeForm For Elementor plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the export_entries, rtformnewform, and rtformupdate functions in all versions up to, and including, 1.1.5. This makes it possible for unauthenticated attackers to export arbitrary form submissions, create new forms, or update any post title or certain metadata.
Severity ?
5.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| rometheme | RTMForm Builder |
Affected:
0 , ≤ 1.1.5
(semver)
|
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:rometheme:romethemeform_for_elementor:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "romethemeform_for_elementor",
"vendor": "rometheme",
"versions": [
{
"lessThanOrEqual": "1.1.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6325",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-24T20:01:19.744197Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:17:17.730Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:28:21.144Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/81a293ea-abda-4c90-a109-791ca5ba89a4?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/romethemeform/tags/1.1.2/modules/form/form.php"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/3090708/romethemeform/trunk?contextall=1\u0026old=3079080\u0026old_path=%2Fromethemeform%2Ftrunk"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "RTMForm Builder",
"vendor": "rometheme",
"versions": [
{
"lessThanOrEqual": "1.1.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Francesco Carlucci"
}
],
"descriptions": [
{
"lang": "en",
"value": "The RomethemeForm For Elementor plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the export_entries, rtformnewform, and rtformupdate functions in all versions up to, and including, 1.1.5. This makes it possible for unauthenticated attackers to export arbitrary form submissions, create new forms, or update any post title or certain metadata."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:03:47.846Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/81a293ea-abda-4c90-a109-791ca5ba89a4?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/romethemeform/tags/1.1.2/modules/form/form.php"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3090708/romethemeform/trunk?contextall=1\u0026old=3079080\u0026old_path=%2Fromethemeform%2Ftrunk"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-05-22T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "RomethemeForm For Elementor \u003c= 1.1.5 - Missing Authorization via export_entries, rtformnewform, and rtformupdate"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-6325",
"datePublished": "2024-05-23T04:30:53.799Z",
"dateReserved": "2023-11-27T14:34:15.631Z",
"dateUpdated": "2026-04-08T17:03:47.846Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-6325 (GCVE-0-2023-6325)
Vulnerability from cvelistv5 – Published: 2024-05-23 04:30 – Updated: 2026-04-08 17:03
VLAI?
Title
RomethemeForm For Elementor <= 1.1.5 - Missing Authorization via export_entries, rtformnewform, and rtformupdate
Summary
The RomethemeForm For Elementor plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the export_entries, rtformnewform, and rtformupdate functions in all versions up to, and including, 1.1.5. This makes it possible for unauthenticated attackers to export arbitrary form submissions, create new forms, or update any post title or certain metadata.
Severity ?
5.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| rometheme | RTMForm Builder |
Affected:
0 , ≤ 1.1.5
(semver)
|
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:rometheme:romethemeform_for_elementor:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "romethemeform_for_elementor",
"vendor": "rometheme",
"versions": [
{
"lessThanOrEqual": "1.1.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6325",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-24T20:01:19.744197Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:17:17.730Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:28:21.144Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/81a293ea-abda-4c90-a109-791ca5ba89a4?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/romethemeform/tags/1.1.2/modules/form/form.php"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/3090708/romethemeform/trunk?contextall=1\u0026old=3079080\u0026old_path=%2Fromethemeform%2Ftrunk"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "RTMForm Builder",
"vendor": "rometheme",
"versions": [
{
"lessThanOrEqual": "1.1.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Francesco Carlucci"
}
],
"descriptions": [
{
"lang": "en",
"value": "The RomethemeForm For Elementor plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the export_entries, rtformnewform, and rtformupdate functions in all versions up to, and including, 1.1.5. This makes it possible for unauthenticated attackers to export arbitrary form submissions, create new forms, or update any post title or certain metadata."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:03:47.846Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/81a293ea-abda-4c90-a109-791ca5ba89a4?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/romethemeform/tags/1.1.2/modules/form/form.php"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3090708/romethemeform/trunk?contextall=1\u0026old=3079080\u0026old_path=%2Fromethemeform%2Ftrunk"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-05-22T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "RomethemeForm For Elementor \u003c= 1.1.5 - Missing Authorization via export_entries, rtformnewform, and rtformupdate"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-6325",
"datePublished": "2024-05-23T04:30:53.799Z",
"dateReserved": "2023-11-27T14:34:15.631Z",
"dateUpdated": "2026-04-08T17:03:47.846Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}