← Back

CVE-2023-7203

nvd nist
Published: Feb 27, 2024Modified: Apr 8, 2025

JSON object

Loading...
6.1
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 / Impact: 2.7
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

The Smart Forms WordPress plugin before 2.6.87 does not have authorisation in various AJAX actions, which could allow users with a role as low as subscriber to call them and perform unauthorised actions such as deleting entries. The plugin also lacks CSRF checks in some places which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as deleting entries.

Affected (1)

Products: Rednao: Smart Forms
Rednao
1 product
Smart Forms
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Smart Forms
Before 2.6.87

Related CWEs

CWE-352
Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (2)

Source: contact@wpscan.com
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory

Timeline

No history available yet.