CVE-2024-1307: Incorrect Authorization in Smart Forms

Severity
6.5 MEDIUM (NVD)
EPSS
0.3%
top 50.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Apr 15

Description

The Smart Forms WordPress plugin before 2.6.94 does not have proper authorization in some actions, which could allow users with a role as low as subscriber to call them and perform unauthorized actions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages: 1 package

NVD: rednao/smart_forms < 2.6.94

Vulnerability Details (2)
CVEList
Smart Forms < 2.6.94 - Subscriber+ Edit Entries via Broken Access Control (2024-04-15)
GHSA
GHSA-8j2w-2cpm-xpmr: The Smart Forms WordPress plugin before 2 (2024-04-15)