Lucene search
WPScanCVE-2024-1306HistoryApr 15, 2024 - 5:15 a.m.
CVE-2024-1306
2024-04-1505:15:14
WPScan
web.nvd.nist.gov
37
cve-2024-1306
organization
individual
nvd
publicized
details
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
AI Score
6.7
Confidence
Low
EPSS
0
Percentile
9.0%
The Smart Forms WordPress plugin before 2.6.94 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as editing entries, and we consider it a medium risk.
Affected configurations
Node
smart_formsRange<2.6.94wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| * | smart_forms | * | cpe:2.3:a:*:smart_forms:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "Smart Forms ",
"versions": [
{
"status": "affected",
"versionType": "semver",
"version": "0",
"lessThan": "2.6.94"
}
],
"defaultStatus": "unaffected"
}
]Related
vulnrichment
vulnrichment
CVE-2024-1306 Smart Forms < 2.6.94 - Edit Entries via CSRF
2024-04-15 05:00:03
wpexploit
wpexploit
Smart Forms < 2.6.94 - Edit Entries via CSRF
2024-03-25 00:00:00
cvelist
cvelist
CVE-2024-1306 Smart Forms < 2.6.94 - Edit Entries via CSRF
2024-04-15 05:00:03
wpvulndb
wpvulndb
Smart Forms < 2.6.94 - Edit Entries via CSRF
2024-03-25 00:00:00
nvd
nvd
CVE-2024-1306
2024-04-15 05:15:14
wordfence
wordfence
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
AI Score
6.7
Confidence
Low
EPSS
0
Percentile
9.0%
Related for CVE-2024-1306