PT-2024-17914 · WordPress · Smart Forms
Amir Hossein Fallahi
·
Published
2024-04-14
·
Updated
2025-04-08
·
CVE-2024-1307
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
The Smart Forms WordPress plugin versions prior to 2.6.94
Description
The issue is related to improper authorization in some actions within the plugin, allowing users with a low role, such as a subscriber, to perform unauthorized actions.
Recommendations
For versions prior to 2.6.94, update to version 2.6.94 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive actions and functionality to higher-role users until the update can be applied.
Exploit
Fix
Incorrect Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Smart Forms