CVE-2024-1306

CWE-352Cross-Site Request Forgery (CSRF)3 documents3 sources
Severity
5.4MEDIUM
EPSS
0.2%
top 55.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Unknown Smart FormsRednao Smart Forms
Timeline
PublishedApr 15

Description

The Smart Forms WordPress plugin before 2.6.94 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as editing entries, and we consider it a medium risk.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

NVDrednao/smart_forms< 2.6.94
CVEListV5unknown/smart_forms< 2.6.94

🔴Vulnerability Details

2
GHSA
GHSA-p29c-5vv5-vh3p: The Smart Forms WordPress plugin before 22024-04-15
CVEList
Smart Forms < 2.6.94 - Edit Entries via CSRF2024-04-15
CVE-2024-1306 (MEDIUM CVSS 5.4) | The Smart Forms WordPress plugin be | cvebase.io