Lucene search
WPScanVULNRICHMENT:CVE-2023-7203HistoryFeb 27, 2024 - 8:30 a.m.
CVE-2023-7203 Smart Forms < 2.6.87 - Subscriber+ Arbitrary Entry Deletion
2024-02-2708:30:25
WPScan
github.com
1
wordpress plugin
vulnerability
subscriber role
arbitrary entry deletion
csrf attacks
The Smart Forms WordPress plugin before 2.6.87 does not have authorisation in various AJAX actions, which could allow users with a role as low as subscriber to call them and perform unauthorised actions such as deleting entries. The plugin also lacks CSRF checks in some places which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as deleting entries.
ADP Affected
[
{
"cpes": [
"cpe:2.3:a:rednao:smart_forms:*:*:*:*:*:wordpress:*:*"
],
"vendor": "rednao",
"product": "smart_forms",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "2.6.87",
"versionType": "semver"
}
],
"defaultStatus": "unknown"
}
]Related
nvd
nvd
CVE-2023-7203
2024-02-27 09:15:37
cvelist
cvelist
CVE-2023-7203 Smart Forms < 2.6.87 - Subscriber+ Arbitrary Entry Deletion
2024-02-27 08:30:25
wpexploit
wpexploit
Smart Forms < 2.6.87 - Subscriber+ Arbitrary Entry Deletion
2024-02-02 00:00:00
prion
prion
Cross site request forgery (csrf)
2024-02-27 09:15:00
cve
cve
CVE-2023-7203
2024-02-27 09:15:37
wpvulndb
wpvulndb
Smart Forms < 2.6.87 - Subscriber+ Arbitrary Entry Deletion
2024-02-02 00:00:00
AI Score
6.8
Confidence
High
SSVC
Exploitation
poc
Automatable
no
Technical Impact
partial
Related for VULNRICHMENT:CVE-2023-7203