Lucene search
K

117 matches found

OSV
OSV
added 2024/04/29 6:15 a.m.4 views

CVE-2024-1905

The Smart Forms WordPress plugin before 2.6.96 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.8AI score0.0047EPSS
Exploits2References1
Cvelist
Cvelist
added 2024/04/29 6:0 a.m.27 views

CVE-2024-1905 Smart Forms < 2.6.96 - Admin+ Stored XSS

The Smart Forms WordPress plugin before 2.6.96 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.5AI score0.0047EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2024/04/29 6:0 a.m.11 views

CVE-2024-1905 Smart Forms < 2.6.96 - Admin+ Stored XSS

The Smart Forms WordPress plugin before 2.6.96 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.6AI score0.0047EPSS
Exploits2References1
Patchstack
Patchstack
added 2024/04/29 12:0 a.m.10 views

WordPress Smart Forms Plugin < 2.6.96 is vulnerable to Cross Site Scripting (XSS)

Software Smart Forms Type Plugin Vulnerable versions 2.6.96 Fixed in 2.6.96 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1905 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID f2ffffc8c85a Credits Bob Matyas Required privileg...

5.7AI score0.0047EPSS
Exploits2References4Affected Software1
CNNVD
CNNVD
added 2024/04/29 12:0 a.m.7 views

WordPress plugin Smart Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

4.3CVSS6.7AI score0.0034EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/04/29 12:0 a.m.5 views

PT-2024-25362 · Rednao · Rednao Smart Forms

Name of the Vulnerable Software and Affected Versions: RedNao Smart Forms versions 2.6.91 and earlier Description: The issue is related to a Missing Authorization vulnerability in RedNao Smart Forms. Recommendations: For RedNao Smart Forms versions 2.6.91 and earlier, at the moment, there is no...

4.3CVSS5.9AI score0.0034EPSS
Exploits0References7
CNNVD
CNNVD
added 2024/04/29 12:0 a.m.5 views

WordPress plugin Smart Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

5.9CVSS6.1AI score0.0047EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2024/04/28 12:0 a.m.5 views

PT-2024-18411 · WordPress · Smart Forms

Name of the Vulnerable Software and Affected Versions: The Smart Forms WordPress plugin versions prior to 2.6.96 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This is possible because some settings are not properly sanitised an...

5.9CVSS5.3AI score0.0047EPSS
Exploits2References6
Patchstack
Patchstack
added 2024/04/25 2:54 p.m.6 views

WordPress Smart Forms plugin <= 2.6.91 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin Smart Forms versions = 2.6.91...

4.3CVSS7AI score0.0034EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/04/25 12:0 a.m.21 views

WordPress Smart Forms Plugin <= 2.6.91 is vulnerable to Broken Access Control

Software Smart Forms Type Plugin Vulnerable versions = 2.6.91 Fixed in 2.6.92 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33593 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 810e0b29d7f7 Credits Dhabaleshwar Das Required...

4.3CVSS6.6AI score0.0034EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/04/15 12:43 p.m.4 views

WordPress Smart Forms plugin < 2.6.94 - Subscriber+ Edit Entries via Broken Access Control vulnerability

Subscriber+ Edit Entries via Broken Access Control vulnerability discovered by Amir Hossein Fallahi in WordPress Plugin Smart Forms versions 2.6.94...

6.5CVSS8.5AI score0.00534EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2024/04/15 12:43 p.m.4 views

WordPress Smart Forms plugin < 2.6.94 - Edit Entries via CSRF vulnerability

Edit Entries via CSRF vulnerability discovered by Amir Hossein Fallahi in WordPress Plugin Smart Forms versions 2.6.94...

5.4CVSS7AI score0.00226EPSS
Exploits2References1Affected Software1
NVD
NVD
added 2024/04/15 5:15 a.m.20 views

CVE-2024-1307

The Smart Forms WordPress plugin before 2.6.94 does not have proper authorization in some actions, which could allow users with a role as low as a subscriber to call them and perform unauthorized actions...

6.5CVSS6.3AI score0.00534EPSS
Exploits2References1
OSV
OSV
added 2024/04/15 5:15 a.m.7 views

CVE-2024-1307

The Smart Forms WordPress plugin before 2.6.94 does not have proper authorization in some actions, which could allow users with a role as low as a subscriber to call them and perform unauthorized actions...

6.5CVSS7.3AI score0.00534EPSS
Exploits2References1
OSV
OSV
added 2024/04/15 5:15 a.m.4 views

CVE-2024-1306

The Smart Forms WordPress plugin before 2.6.94 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as editing entries, and we consider it a medium risk...

5.4CVSS5.8AI score0.00226EPSS
Exploits2References1
NVD
NVD
added 2024/04/15 5:15 a.m.20 views

CVE-2024-1306

The Smart Forms WordPress plugin before 2.6.94 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as editing entries, and we consider it a medium risk...

5.4CVSS6.4AI score0.00226EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2024/04/15 5:0 a.m.11 views

CVE-2024-1307 Smart Forms < 2.6.94 - Subscriber+ Edit Entries via Broken Access Control

The Smart Forms WordPress plugin before 2.6.94 does not have proper authorization in some actions, which could allow users with a role as low as a subscriber to call them and perform unauthorized actions...

6.7AI score0.00534EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2024/04/15 5:0 a.m.12 views

CVE-2024-1306 Smart Forms < 2.6.94 - Edit Entries via CSRF

The Smart Forms WordPress plugin before 2.6.94 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as editing entries, and we consider it a medium risk...

6.4AI score0.00226EPSS
Exploits2References1
Cvelist
Cvelist
added 2024/04/15 5:0 a.m.28 views

CVE-2024-1306 Smart Forms < 2.6.94 - Edit Entries via CSRF

The Smart Forms WordPress plugin before 2.6.94 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as editing entries, and we consider it a medium risk...

6.7AI score0.00226EPSS
Exploits2References1
Cvelist
Cvelist
added 2024/04/15 5:0 a.m.26 views

CVE-2024-1307 Smart Forms < 2.6.94 - Subscriber+ Edit Entries via Broken Access Control

The Smart Forms WordPress plugin before 2.6.94 does not have proper authorization in some actions, which could allow users with a role as low as a subscriber to call them and perform unauthorized actions...

6.6AI score0.00534EPSS
Exploits2References1
Rows per page
Query Builder