3 results (0.006 seconds)

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Missing Authorization vulnerability in RedNao Smart Forms.This issue affects Smart Forms: from n/a through 2.6.91. Vulnerabilidad de falta de autorización en RedNao Smart Forms. Este problema afecta a Smart Forms: desde n/a hasta 2.6.91. The Smart Forms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rednao_smart_forms_dont_show_again() function in versions up to, and including, 2.6.91. This makes it possible for authenticated attackers, with subscriber-level access and above, to dismiss notices. • https://patchstack.com/database/vulnerability/smart-forms/wordpress-smart-forms-plugin-2-6-91-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

The Smart Forms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the smart_forms_save_settings() function hooked via AJAX in versions up to, and including, 2.6.84. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary options which can be used for remote code execution. • CWE-862: Missing Authorization •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

The Smart Forms – when you need more than just a contact form plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the rednao_smart_forms_save_form_values function in versions up to, and including, 2.1.0. This makes it possible for unauthenticated attackers to edit forms, including entering stored cross-site scripting, as output is not properly escaped. • CWE-862: Missing Authorization •