Lucene search
Mohammad Reza OmraniWPVDB-ID:B514B631-C3E3-4793-AB5D-35ED0C38B011HistoryFeb 02, 2024 - 12:00 a.m.
Smart Forms < 2.6.87 - Subscriber+ Arbitrary Entry Deletion
2024-02-0200:00:00
Mohammad Reza Omrani
wpscan.com
10
smart forms
subscriber
arbitrary entry deletion
authorization
ajax
csrf
attacks
Description The plugin does not have authorisation in various AJAX actions, which could allow users with a role as low as subscriber to call them and perform unauthorised actions such as deleting entries. The plugin also lacks CSRF checks in some places which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as deleting entries.
PoC
Related
nvd
nvd
CVE-2023-7203
2024-02-27 09:15:37
cvelist
cvelist
CVE-2023-7203 Smart Forms < 2.6.87 - Subscriber+ Arbitrary Entry Deletion
2024-02-27 08:30:25
wpexploit
wpexploit
Smart Forms < 2.6.87 - Subscriber+ Arbitrary Entry Deletion
2024-02-02 00:00:00
prion
prion
Cross site request forgery (csrf)
2024-02-27 09:15:00
cve
cve
CVE-2023-7203
2024-02-27 09:15:37
vulnrichment
vulnrichment
CVE-2023-7203 Smart Forms < 2.6.87 - Subscriber+ Arbitrary Entry Deletion
2024-02-27 08:30:25
AI Score
6.5
Confidence
High
EPSS
0
Percentile
9.0%
Related for WPVDB-ID:B514B631-C3E3-4793-AB5D-35ED0C38B011