117 matches found
CVE-2024-1905
The Smart Forms WordPress plugin before 2.6.96 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-1905 Smart Forms < 2.6.96 - Admin+ Stored XSS
The Smart Forms WordPress plugin before 2.6.96 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-1905 Smart Forms < 2.6.96 - Admin+ Stored XSS
The Smart Forms WordPress plugin before 2.6.96 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WordPress Smart Forms Plugin < 2.6.96 is vulnerable to Cross Site Scripting (XSS)
Software Smart Forms Type Plugin Vulnerable versions 2.6.96 Fixed in 2.6.96 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1905 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID f2ffffc8c85a Credits Bob Matyas Required privileg...
WordPress plugin Smart Forms 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2024-25362 · Rednao · Rednao Smart Forms
Name of the Vulnerable Software and Affected Versions: RedNao Smart Forms versions 2.6.91 and earlier Description: The issue is related to a Missing Authorization vulnerability in RedNao Smart Forms. Recommendations: For RedNao Smart Forms versions 2.6.91 and earlier, at the moment, there is no...
WordPress plugin Smart Forms 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
PT-2024-18411 · WordPress · Smart Forms
Name of the Vulnerable Software and Affected Versions: The Smart Forms WordPress plugin versions prior to 2.6.96 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This is possible because some settings are not properly sanitised an...
WordPress Smart Forms plugin <= 2.6.91 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin Smart Forms versions = 2.6.91...
WordPress Smart Forms Plugin <= 2.6.91 is vulnerable to Broken Access Control
Software Smart Forms Type Plugin Vulnerable versions = 2.6.91 Fixed in 2.6.92 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33593 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 810e0b29d7f7 Credits Dhabaleshwar Das Required...
WordPress Smart Forms plugin < 2.6.94 - Subscriber+ Edit Entries via Broken Access Control vulnerability
Subscriber+ Edit Entries via Broken Access Control vulnerability discovered by Amir Hossein Fallahi in WordPress Plugin Smart Forms versions 2.6.94...
WordPress Smart Forms plugin < 2.6.94 - Edit Entries via CSRF vulnerability
Edit Entries via CSRF vulnerability discovered by Amir Hossein Fallahi in WordPress Plugin Smart Forms versions 2.6.94...
CVE-2024-1307
The Smart Forms WordPress plugin before 2.6.94 does not have proper authorization in some actions, which could allow users with a role as low as a subscriber to call them and perform unauthorized actions...
CVE-2024-1307
The Smart Forms WordPress plugin before 2.6.94 does not have proper authorization in some actions, which could allow users with a role as low as a subscriber to call them and perform unauthorized actions...
CVE-2024-1306
The Smart Forms WordPress plugin before 2.6.94 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as editing entries, and we consider it a medium risk...
CVE-2024-1306
The Smart Forms WordPress plugin before 2.6.94 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as editing entries, and we consider it a medium risk...
CVE-2024-1307 Smart Forms < 2.6.94 - Subscriber+ Edit Entries via Broken Access Control
The Smart Forms WordPress plugin before 2.6.94 does not have proper authorization in some actions, which could allow users with a role as low as a subscriber to call them and perform unauthorized actions...
CVE-2024-1306 Smart Forms < 2.6.94 - Edit Entries via CSRF
The Smart Forms WordPress plugin before 2.6.94 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as editing entries, and we consider it a medium risk...
CVE-2024-1306 Smart Forms < 2.6.94 - Edit Entries via CSRF
The Smart Forms WordPress plugin before 2.6.94 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as editing entries, and we consider it a medium risk...
CVE-2024-1307 Smart Forms < 2.6.94 - Subscriber+ Edit Entries via Broken Access Control
The Smart Forms WordPress plugin before 2.6.94 does not have proper authorization in some actions, which could allow users with a role as low as a subscriber to call them and perform unauthorized actions...