Lucene search

WpvulndbWPVDB-ID:2C8AFA1F-DDF6-4F5B-B3FE-F759E8C68263

HistoryMay 01, 2024 - 12:00 a.m.

Smart Forms < 2.6.92 - Missing Authorization to Notice Dismissal

2024-05-0100:00:00

wpscan.com

wordpress

smart forms

vulnerability

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score

6.7

Confidence

Low

EPSS

Percentile

9.0%

JSON

Description The Smart Forms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rednao_smart_forms_dont_show_again() function in versions up to, and including, 2.6.91. This makes it possible for authenticated attackers, with subscriber-level access and above, to dismiss notices.

References

www.wordfence.com/threat-intel/vulnerabilities/id/8a643fa1-afdb-4710-ba1c-3b226b4098bd

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score

6.7

Confidence

Low

EPSS

Percentile

9.0%

JSON

Related for WPVDB-ID:2C8AFA1F-DDF6-4F5B-B3FE-F759E8C68263