Lucene search
K

117 matches found

CNNVD
CNNVD
added 2024/04/15 12:0 a.m.4 views

WordPress Plugin Smart Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability previously existed...

5.4CVSS6.5AI score0.00226EPSS
Exploits2References2
Patchstack
Patchstack
added 2024/04/15 12:0 a.m.17 views

WordPress Smart Forms Plugin < 2.6.94 is vulnerable to Cross Site Request Forgery (CSRF)

Software Smart Forms Type Plugin Vulnerable versions 2.6.94 Fixed in 2.6.94 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-1306 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID b8231f973f18 Credits Amir Hossein Fallahi...

5.4CVSS6.6AI score0.00226EPSS
Exploits2References4Affected Software1
CNNVD
CNNVD
added 2024/04/15 12:0 a.m.6 views

WordPress Plugin Smart Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability previously existed...

6.5CVSS7.9AI score0.00534EPSS
Exploits2References2
Patchstack
Patchstack
added 2024/04/15 12:0 a.m.9 views

WordPress Smart Forms Plugin < 2.6.94 is vulnerable to Broken Access Control

Software Smart Forms Type Plugin Vulnerable versions 2.6.94 Fixed in 2.6.94 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1307 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 966287948243 Credits Amir Hossein Fallahi Required...

6.5CVSS6.5AI score0.00534EPSS
Exploits2References4Affected Software1
Positive Technologies
Positive Technologies
added 2024/04/14 12:0 a.m.5 views

PT-2024-17910 · WordPress · Smart Forms

Name of the Vulnerable Software and Affected Versions: The Smart Forms WordPress plugin versions prior to 2.6.94 Description: The issue is related to the lack of CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as...

5.4CVSS6.2AI score0.00226EPSS
Exploits2References7
Positive Technologies
Positive Technologies
added 2024/04/14 12:0 a.m.7 views

PT-2024-17914 · WordPress · Smart Forms

Name of the Vulnerable Software and Affected Versions: The Smart Forms WordPress plugin versions prior to 2.6.94 Description: The issue is related to improper authorization in some actions within the plugin, allowing users with a low role, such as a subscriber, to perform unauthorized actions...

6.5CVSS9.1AI score0.00534EPSS
Exploits2References7
WPVulnDB
WPVulnDB
added 2024/04/08 12:0 a.m.15 views

Smart Forms < 2.6.96 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Add a new form or edit an...

5.5AI score0.0047EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2024/04/08 12:0 a.m.136 views

Smart Forms < 2.6.96 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Add a new form or edit an existing...

5.7AI score0.0047EPSS
Exploits2
wpexploit
wpexploit
added 2024/03/25 12:0 a.m.175 views

Smart Forms < 2.6.94 - Subscriber+ Edit Entries via Broken Access Control

Description The plugin does not have proper authorization in some actions, which could allow users with a role as low as a subscriber to call them and perform unauthorized actions While logged as a subscriber, paste the following in your browser's console: fetch'/wp-admin/admin-ajax.php', method:...

6.7AI score0.00534EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/03/25 12:0 a.m.14 views

Smart Forms < 2.6.94 - Subscriber+ Edit Entries via Broken Access Control

Description The plugin does not have proper authorization in some actions, which could allow users with a role as low as a subscriber to call them and perform unauthorized actions PoC While logged as a subscriber, paste the following in your browser's console: fetch'/wp-admin/admin-ajax.php',...

6.4AI score0.00534EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2024/03/25 12:0 a.m.144 views

Smart Forms < 2.6.94 - Edit Entries via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as editing entries, and we consider it a medium risk. CSRF PoC CSRF PoC input type="hidden" name="elementOptions"...

6.8AI score0.00226EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/03/25 12:0 a.m.13 views

Smart Forms < 2.6.94 - Edit Entries via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as editing entries, and we consider it a medium risk. PoC CSRF PoC...

6.5AI score0.00226EPSS
Exploits2Affected Software1
OSV
OSV
added 2024/02/27 9:15 a.m.8 views

CVE-2023-7203

The Smart Forms WordPress plugin before 2.6.87 does not have authorisation in various AJAX actions, which could allow users with a role as low as subscriber to call them and perform unauthorised actions such as deleting entries. The plugin also lacks CSRF checks in some places which could allow...

6.1CVSS5.8AI score0.00217EPSS
Exploits2References1
Prion
Prion
added 2024/02/27 9:15 a.m.12 views

Cross site request forgery (csrf)

The Smart Forms WordPress plugin before 2.6.87 does not have authorisation in various AJAX actions, which could allow users with a role as low as subscriber to call them and perform unauthorised actions such as deleting entries. The plugin also lacks CSRF checks in some places which could allow...

7AI score0.00217EPSS
Exploits2References1
CVE
CVE
added 2024/02/27 8:30 a.m.4288 views

CVE-2023-7203

The Smart Forms WordPress plugin (versions prior to 2.6.87) suffers Broken Access Control via insufficient authorization on AJAX actions and missing CSRF checks, allowing a low-privilege role (subscriber) to trigger administrative actions such as deleting entries. Exploitation details appear in p...

6.1CVSS6.1AI score0.00217EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2024/02/27 8:30 a.m.31 views

CVE-2023-7203 Smart Forms < 2.6.87 - Subscriber+ Arbitrary Entry Deletion

The Smart Forms WordPress plugin before 2.6.87 does not have authorisation in various AJAX actions, which could allow users with a role as low as subscriber to call them and perform unauthorised actions such as deleting entries. The plugin also lacks CSRF checks in some places which could allow...

6.7AI score0.00217EPSS
Exploits2References1
CNNVD
CNNVD
added 2024/02/27 12:0 a.m.7 views

WordPress plugin Smart Forms security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...

6.1CVSS6.4AI score0.00217EPSS
Exploits2References2
Patchstack
Patchstack
added 2024/02/27 12:0 a.m.11 views

WordPress Smart Forms Plugin < 2.6.87 is vulnerable to Broken Access Control

Software Smart Forms Type Plugin Vulnerable versions 2.6.87 Fixed in 2.6.87 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-7203 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 959e4abbd849 Credits Mohammad Reza Omrani Require...

6.1CVSS6.4AI score0.00217EPSS
Exploits2References4Affected Software1
Cvelist
Cvelist
added 2024/02/07 2:51 p.m.35 views

CVE-2024-24771 Open Forms potential multi-factor authentication bypass

Open Forms allows users create and publish smart forms. Versions prior to 2.2.9, 2.3.7, 2.4.5, and 2.5.2 contain a non-exploitable multi-factor authentication weakness. Superusers who have their credentials username + password compromised could potentially have the second-factor authentication...

7.7CVSS7.9AI score0.00599EPSS
Exploits0References5
CVE
CVE
added 2024/02/07 2:51 p.m.99 views

CVE-2024-24771

Open Forms CVE-2024-24771 affects multiple versions prior to 2.2.9, 2.3.7, 2.4.5, and 2.5.2, with a non-exploitable MFA weakness that could allow a second-factor bypass if a superuser’s credentials are compromised. Attack could let the attacker view sensitive submissions or impersonate staff if b...

7.7CVSS5.8AI score0.00599EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder