CVE-2023-7203

🗓️ 27 Feb 2024 08:30:25Reported by WPScanType

cve🔗 web.nvd.nist.gov👁 4281 Views🌐 WEB

The Smart Forms WordPress plugin before 2.6.87 allows unauthorized actions including entry deletio

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2023-7203	27 Feb 202410:26	–	circl
CNNVD	WordPress plugin Smart Forms security vulnerability	27 Feb 202400:00	–	cnnvd
Cvelist	CVE-2023-7203 Smart Forms < 2.6.87 - Subscriber+ Arbitrary Entry Deletion	27 Feb 202408:30	–	cvelist
NVD	CVE-2023-7203	27 Feb 202409:15	–	nvd
OSV	CVE-2023-7203	27 Feb 202409:15	–	osv
Patchstack	WordPress Smart Forms Plugin < 2.6.87 is vulnerable to Broken Access Control	27 Feb 202400:00	–	patchstack
Prion	Cross site request forgery (csrf)	27 Feb 202409:15	–	prion
Positive Technologies	PT-2024-15228 · WordPress · Smart Forms	2 Feb 202400:00	–	ptsecurity
Vulnrichment	CVE-2023-7203 Smart Forms < 2.6.87 - Subscriber+ Arbitrary Entry Deletion	27 Feb 202408:30	–	vulnrichment
wpexploit	Smart Forms < 2.6.87 - Subscriber+ Arbitrary Entry Deletion	2 Feb 202400:00	–	wpexploit

NVD

Vulners

Vulnrichment

Node

rednao smart_formsRange<2.6.87wordpress

[
  {
    "vendor": "Unknown",
    "product": "Smart Forms",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "2.6.87"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/b514b631-c3e3-4793-ab5d-35ed0c38b011/

Parameter	Position	Path	Description	CWE
action	request body	/wp-admin/admin-ajax.php	AJAX action exposed without proper authorization/CSRF checks allowing low-privilege users to delete entries	CWE-352
data	request body	/wp-admin/admin-ajax.php	AJAX action exposed without proper authorization/CSRF checks allowing low-privilege users to delete entries	CWE-352

08 Apr 2025 19:43Current

6.1Medium risk

Vulners AI Score6.1

CVSS 3.16.1

EPSS0.00191

SSVC

CWE-352