CVE-2023-45275: 
WordPress vulnerability analysis and mitigation

The CVE-2023-45275 is a Missing Authorization vulnerability affecting the Kali Forms Contact Form builder with drag & drop WordPress plugin. The vulnerability was discovered in versions up to and including 2.3.28, and was publicly disclosed on October 6, 2023. This security issue involves broken access control that affects the plugin's functionality (Patchstack, WPScan).

The vulnerability is classified as CWE-862 (Missing Authorization) and has received a CVSS v3.1 score of 6.5 (Medium). The security flaw stems from a missing capability check on the getlog function, which creates a potential security risk in the form handling system. The vulnerability has been assigned a vector string of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N, indicating network accessibility with low attack complexity and requiring low privileges ([Patchstack](https://patchstack.com/database/wordpress/plugin/kali-forms/vulnerability/wordpress-contact-form-builder-with-drag-drop-plugin-2-3-27-broken-access-control-vulnerability?s_id=cve)).

The vulnerability allows authenticated attackers with subscriber-level access or higher to retrieve submission logs without proper authorization. This unauthorized access to form submission data could lead to exposure of sensitive information submitted through the contact forms (WPScan).

The vulnerability has been fixed in version 2.3.29 of the Kali Forms plugin. Users are advised to update to this version or later to resolve the security issue. For users unable to update immediately, Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks (Patchstack).