3 matches found
CVE-2024-1307 Smart Forms < 2.6.94 - Subscriber+ Edit Entries via Broken Access Control
The Smart Forms WordPress plugin before 2.6.94 does not have proper authorization in some actions, which could allow users with a role as low as a subscriber to call them and perform unauthorized actions...
CVE-2024-1307
CVE-2024-1307 refers to the Smart Forms WordPress plugin vulnerability. The issue is an authorization weakness in certain actions, allowing users with a low role (subscriber) to call those actions and perform unauthorized operations. Public sources in connected documents confirm the affected vers...
WordPress Smart Forms Plugin < 2.6.94 is vulnerable to Broken Access Control
Software Smart Forms Type Plugin Vulnerable versions 2.6.94 Fixed in 2.6.94 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1307 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 966287948243 Credits Amir Hossein Fallahi Required...