CVE-2023-49856Missing Authorization in Smart Forms

CWE-862Missing Authorization3 documents3 sources
Severity
8.8HIGHNVD
CNA8.1
EPSS
0.5%
top 35.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Rednao Smart Forms
Timeline
PublishedDec 9

Description

Missing Authorization vulnerability in RedNao Smart Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Forms: from n/a through 2.6.84.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDrednao/smart_forms< 2.6.85
CVEListV5rednao/smart_formsn/a2.6.84

🔴Vulnerability Details

2
CVEList
WordPress Smart Forms plugin <= 2.6.84 - Authenticated Arbitrary Options Change Vulnerability2024-12-09
GHSA
GHSA-329j-3w84-m2g4: Missing Authorization vulnerability in RedNao Smart Forms allows Exploiting Incorrectly Configured Access Control Security Levels2024-12-09
CVE-2023-49856 — Missing Authorization in Smart Forms | cvebase