Lucene search
+L

117 matches found

ptsecurity
ptsecurity
added 2024/02/02 12:0 a.m.5 views

PT-2024-15228 · WordPress · Smart Forms

Name of the Vulnerable Software and Affected Versions: Smart Forms WordPress plugin versions prior to 2.6.87 Description: The issue concerns a lack of authorization in various AJAX actions within the plugin, allowing users with a low role, such as a subscriber, to perform unauthorized actions lik...

6.1CVSS7.1AI score0.00217EPSS
Exploits2References8
wpexploit
wpexploit
added 2024/02/02 12:0 a.m.166 views

Smart Forms < 2.6.87 - Subscriber+ Arbitrary Entry Deletion

Description The plugin does not have authorisation in various AJAX actions, which could allow users with a role as low as subscriber to call them and perform unauthorised actions such as deleting entries. The plugin also lacks CSRF checks in some places which could allow attackers to make logged ...

6.7AI score0.00217EPSS
Exploits2
wpvulndb
wpvulndb
added 2024/02/02 12:0 a.m.16 views

Smart Forms < 2.6.87 - Subscriber+ Arbitrary Entry Deletion

Description The plugin does not have authorisation in various AJAX actions, which could allow users with a role as low as subscriber to call them and perform unauthorised actions such as deleting entries. The plugin also lacks CSRF checks in some places which could allow attackers to make logged ...

6.5AI score0.00217EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2023/12/10 12:0 a.m.15 views

Smart Forms < 2.6.85 - Subscriber+ Arbitrary Options Update

Description The plugin does not have authorisation in an AJAX action hooked to smartformssavesettings, and does not ensure that the option to be updated belong to the plugin. As a result, any authenticated users, such as subscriber could update arbitrary options such as defaultrole and...

6.7AI score0.00522EPSS
Exploits0References1Affected Software1
patchstack
patchstack
added 2023/12/07 12:0 a.m.15 views

WordPress Smart Forms Plugin <= 2.6.84 is vulnerable to Broken Access Control

Software Smart Forms Type Plugin Vulnerable versions = 2.6.84 Fixed in 2.6.85 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-49856 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 636ea1edcfea Credits Abdi Pranata Required privile...

6.5AI score0.00522EPSS
Exploits0References2Affected Software1
cve
cve
added 2022/06/13 12:10 p.m.77 views

CVE-2022-31040

CVE-2022-31040 affects Open Forms before versions 1.0.9 and 1.1.1, where the cookie consent page contains an open redirect via an injectable referer query parameter. The issue enables phishing redirects initiated by the Open Forms backend on a legitimate page. Connected sources confirm patches in...

7.1CVSS6.3AI score0.00667EPSS
Exploits0References2Affected Software1
cnvd
cnvd
added 2022/03/09 12:0 a.m.25 views

WordPress Smart Forms Plugin Information Disclosure Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An information disclosure vulnerability exists in WordPress Smart Forms Plugin versions prior to 2.6.71, which...

6.5CVSS6.2AI score0.00973EPSS
Exploits2References1
nvd
nvd
added 2022/03/07 9:15 a.m.17 views

CVE-2022-0163

The Smart Forms WordPress plugin before 2.6.71 does not have authorisation in its rednaosmartformsentrieslist AJAX action, allowing any authenticated users, such as subscriber, to download arbitrary form's data, which could include sensitive information such as PII depending on the form...

6.5CVSS0.00973EPSS
Exploits2References1
osv
osv
added 2022/03/07 9:15 a.m.4 views

CVE-2022-0163

The Smart Forms WordPress plugin before 2.6.71 does not have authorisation in its rednaosmartformsentrieslist AJAX action, allowing any authenticated users, such as subscriber, to download arbitrary form's data, which could include sensitive information such as PII depending on the form...

6.5CVSS6.8AI score0.00973EPSS
Exploits2References1
attackerkb
attackerkb
added 2022/03/07 9:15 a.m.7 views

CVE-2022-0163

The Smart Forms WordPress plugin before 2.6.71 does not have authorisation in its rednaosmartformsentrieslist AJAX action, allowing any authenticated users, such as subscriber, to download arbitrary form's data, which could include sensitive information such as PII depending on the form...

6.5CVSS6.7AI score0.00973EPSS
Exploits2References2
prion
prion
added 2022/03/07 9:15 a.m.18 views

Information disclosure

The Smart Forms WordPress plugin before 2.6.71 does not have authorisation in its rednaosmartformsentrieslist AJAX action, allowing any authenticated users, such as subscriber, to download arbitrary form's data, which could include sensitive information such as PII depending on the form...

4CVSS6.3AI score0.00973EPSS
Exploits2References1Affected Software1
cve
cve
added 2022/03/07 8:16 a.m.87 views

CVE-2022-0163

CVE-2022-0163 concerns the WordPress plugin Smart Forms prior to 2.6.71, which exposes the rednao_smart_forms_entries_list AJAX endpoint without proper authorization. This allows any authenticated user (e.g., a subscriber) to download arbitrary form data, potentially exposing sensitive informatio...

6.5CVSS6.3AI score0.00973EPSS
Exploits2References1Affected Software1
cvelist
cvelist
added 2022/03/07 8:16 a.m.19 views

CVE-2022-0163 Smart Forms < 2.6.71 - Subscriber+ Form Data Download

The Smart Forms WordPress plugin before 2.6.71 does not have authorisation in its rednaosmartformsentrieslist AJAX action, allowing any authenticated users, such as subscriber, to download arbitrary form's data, which could include sensitive information such as PII depending on the form...

6.5AI score0.00973EPSS
Exploits2References1
cnnvd
cnnvd
added 2022/03/07 12:0 a.m.7 views

WordPress的Smart Forms插件安全漏洞

WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An information disclosure vulnerability exists in WordPress Smart Forms Plugin versions prior to 2.6.71, which...

6.5CVSS5.9AI score0.00973EPSS
Exploits2References2
wpvulndb
wpvulndb
added 2022/02/14 12:0 a.m.21 views

Smart Forms < 2.6.71 - Subscriber+ Form Data Download

The plugin does not have authorisation in its rednaosmartformsentrieslist AJAX action, allowing any authenticated users, such as subscriber, to download arbitrary form's data, which could include sensitive information such as PII depending on the form. PoC Execute the below command in the web...

6.5CVSS1.9AI score0.00973EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2022/02/14 12:0 a.m.509 views

Smart Forms < 2.6.71 - Subscriber+ Form Data Download

The plugin does not have authorisation in its rednaosmartformsentrieslist AJAX action, allowing any authenticated users, such as subscriber, to download arbitrary form's data, which could include sensitive information such as PII depending on the form. Execute the below command in the web develop...

6.5CVSS6.3AI score0.00973EPSS
Exploits2
nvd
nvd
added 2020/03/10 9:15 p.m.22 views

CVE-2020-6205

SAP NetWeaver AS ABAP Business Server Pages Smart Forms, SAPBASIS versions- 7.00, 7.01, 7.02, 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, 7.51, 7.52, 7.53, 7.54; does not sufficiently encode user controlled inputs, allowing an unauthenticated attacker to non-permanently deface or modify displayed content...

6.1CVSS6.3AI score0.00749EPSS
Exploits0References2
cve
cve
added 2020/03/10 8:20 p.m.83 views

CVE-2020-6205

SAP NetWeaver AS ABAP Business Server Pages (Smart Forms) is affected across SAP BASIS versions 7.00–7.54 due to insufficient encoding of user-controlled inputs, enabling unauthenticated users to perform a Reflected Cross-Site Scripting (XSS) that can deface content, steal user credentials, imper...

6.1CVSS6.2AI score0.00749EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2020/03/10 8:20 p.m.30 views

CVE-2020-6205

SAP NetWeaver AS ABAP Business Server Pages Smart Forms, SAPBASIS versions- 7.00, 7.01, 7.02, 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, 7.51, 7.52, 7.53, 7.54; does not sufficiently encode user controlled inputs, allowing an unauthenticated attacker to non-permanently deface or modify displayed content...

6.1CVSS6.3AI score0.00749EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2020/03/10 12:0 a.m.5 views

PT-2020-19006 · Sap · Sap Netweaver As Abap +1

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS ABAP Business Server Pages Smart Forms, SAP BASIS versions 7.00 through 7.54 Description: The issue arises from insufficient encoding of user-controlled inputs, allowing an unauthenticated attacker to non-permanently deface o...

6.1CVSS6.2AI score0.00749EPSS
Exploits0References4
Rows per page
Query Builder