CVE-2023-7203

Name of the Vulnerable Software and Affected Versions Smart Forms WordPress plugin versions prior to 2.6.87

Description The issue concerns a lack of authorization in various AJAX actions within the plugin, allowing users with a low role, such as a subscriber, to perform unauthorized actions like deleting entries. Additionally, the plugin lacks CSRF checks in some areas, making it possible for attackers to trick logged-in users into performing unwanted actions via CSRF attacks, including deleting entries.

Recommendations For versions prior to 2.6.87, update to version 2.6.87 or later to resolve the issue. As a temporary workaround, consider restricting access to AJAX actions and implementing CSRF checks to minimize the risk of exploitation.