CVE-2023-32603 – WordPress Donations Made Easy – Smart Donations Plugin <= 4.0.12 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-32603
Unauthenticated reflected Cross-Site Scripting (XSS) vulnerability in the RedNao Donations Made Easy – Smart Donations plugin, versions <= 4.0.12. The Donations Made Easy – Smart Donations plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 4.0.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
• https://patchstack.com/database/vulnerability/smart-donations/wordpress-donations-made-easy-smart-donations-plugin-4-0-12-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-0163 – Smart Forms < 2.6.71 - Subscriber+ Form Data Download
https://notcve.org/view.php?id=CVE-2022-0163
The Smart Forms WordPress plugin before 2.6.71 does not have authorisation in its rednao_smart_forms_entries_list AJAX action, allowing any authenticated user, such as a subscriber, to download arbitrary forms' data, which could include sensitive information such as PII depending on the form.
• https://wpscan.com/vulnerability/2b6b0731-4515-498a-82bd-d416f5885268
• CWE-862: Missing Authorization
CVE-2019-5924 – Smart Forms < 2.6.26 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2019-5924
Cross-site request forgery (CSRF) vulnerability in Smart Forms 2.6.15 and earlier allows remote attackers to hijack the authentication of administrators via a specially crafted page.
• http://jvn.jp/jp/JVN97656108/index.html
• https://wordpress.org/plugins/smart-forms/#developers
• https://wpvulndb.com/vulnerabilities/9232
• CWE-352: Cross-Site Request Forgery (CSRF)