Описание
The Smart Forms WordPress plugin before 2.6.94 does not have proper authorization in some actions, which could allow users with a role as low as a subscriber to call them and perform unauthorized actions
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.6.94 (исключая)
cpe:2.3:a:rednao:smart_forms:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 56%
0.00336
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-863
Связанные уязвимости
CVSS3: 6.5
github
почти 2 года назад
The Smart Forms WordPress plugin before 2.6.94 does not have proper authorization in some actions, which could allow users with a role as low as a subscriber to call them and perform unauthorized actions
EPSS
Процентиль: 56%
0.00336
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-863