Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-7203— Smart Forms < 2.6.87 - Subscriber+ Arbitrary Entry Deletion

EPSS 0.19% · P41
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-7203

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Smart Forms < 2.6.87 - Subscriber+ Arbitrary Entry Deletion
Source: NVD (National Vulnerability Database)
Vulnerability Description
The Smart Forms WordPress plugin before 2.6.87 does not have authorisation in various AJAX actions, which could allow users with a role as low as subscriber to call them and perform unauthorised actions such as deleting entries. The plugin also lacks CSRF checks in some places which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as deleting entries.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
WordPress plugin Smart Forms 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress plugin Smart Forms 2.6.87 版本之前存在安全漏洞,该漏洞源于在各种 AJAX 操作中没有授权,这可能允许具有低至订阅者角色的用户调用它们并执行未经授权的操作。该插件在某些地方还缺乏 CSRF 检查,这可能允许攻击者通
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
UnknownSmart Forms 0 ~ 2.6.87 -

II. Public POCs for CVE-2023-7203

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2023-7203

登录查看更多情报信息。

Same Patch Batch · Unknown · 2024-02-27 · 10 CVEs total

CVE-2023-7202Fatal Error Notify < 1.5.3 - Subscriber+ Test Error Email Sending
CVE-2023-7167Persian Fonts <= 1.6 - Admin+ Stored XSS
CVE-2023-6585JobSearch WP Job Board < 2.3.4 - Arbitrary File Upload to RCE
CVE-2023-6584JobSearch WP Job Board < 2.3.4 - Authentication Bypass
CVE-2023-7198WPDashboardNotes < 1.0.11 - Unauthorised Deletion of Private Notes
CVE-2023-7115PageLayer < 1.8.1 - Admin+ Stored XSS
CVE-2024-0855Spiffy Calendar < 4.9.9 - Broken Access Control
CVE-2023-7165JetBackup < 2.0.9.9 - Directory Listing Exposing Backups
CVE-2024-1106Shariff Wrapper < 4.6.10 - Admin+ Stored XSS

IV. Related Vulnerabilities

Same product: Smart Forms
Same vendor: Unknown

V. Comments for CVE-2023-7203

No comments yet

Leave a comment