Vulnerability Details: CVE-2023-7203
The Smart Forms WordPress plugin before 2.6.87 does not have authorisation in various AJAX actions, which could allow users with a role as low as subscriber to call them and perform unauthorised actions such as deleting entries. The plugin also lacks CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions, such as deleting entries, via CSRF attacks.
Vulnerability category: Cross-site request forgery (CSRF)
Products affected by CVE-2023-7203
Exploit prediction scoring system (EPSS) score for CVE-2023-7203
0.04%: probability of exploitation activity in the next 30 days
~7%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-7203
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2024-08-27 |
CWE ids for CVE-2023-7203
- The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. Assigned by: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
References for CVE-2023-7203