Lucene search

[email protected]NVD:CVE-2024-1307

HistoryApr 15, 2024 - 5:15 a.m.

CVE-2024-1307

2024-04-1505:15:14

[email protected]

web.nvd.nist.gov

smart forms

wordpress

plugin

vulnerability

authorization

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score

6.3

Confidence

High

EPSS

Percentile

9.0%

JSON

The Smart Forms WordPress plugin before 2.6.94 does not have proper authorization in some actions, which could allow users with a role as low as a subscriber to call them and perform unauthorized actions

References

wpscan.com/vulnerability/bbc6cebd-e9bf-4b08-a474-f9312b3c0947/

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score

6.3

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for NVD:CVE-2024-1307

cve1 cvelist1 wpexploit1 vulnrichment1 wpvulndb1 wordfence1