Easy Form Builder by Bitware <= 1.0 – Unauthorised AJAX calls

Description

While confirming https://wpscan.com/vulnerability/ed0c054b-54bf-4df8-9015-c76704c93484, we noticed that all AJAX actions of the plugin, available to authenticated users, do not have any CSRF and authorisation checks in place, allowing low privilege users to call them and delete/edit arbitrary forms and their data for example.

Proof of Concept

The PoC will be displayed once the issue has been remediated.

Affects Plugins

easy-form-builder-by-bitware

No known fix

Classification

Type

ACCESS CONTROLS

OWASP top 10

A5: Broken Access Control

CWE

CWE-284

CVSS

7.4 (high)

Miscellaneous

Original Researcher

WPScanTeam

Verified

Yes

WPVDB ID

a8b959e3-891c-4132-8ffc-fb25206ce9f9

Timeline

Publicly Published

2021-03-27 (about 4 years ago)

Added

2021-03-27 (about 4 years ago)

Last Updated

2023-01-05 (about 3 years ago)

Other

Published

Title

Published

2024-01-24

Title

Views for WPForms < 3.2.3 - Missing Authorization via create_view

Published

2024-12-04

Title

Published

2021-09-20

Title

Multiple Plugins from CatchThemes - Unauthorised Plugin's Setting Change

Published

2021-08-23

Title

OMGF < 4.5.4 - Subscriber+ Arbitrary File/Folder Deletion

Published

2024-12-10

Title

Last Viewed Posts by WPBeginner < 1.0.2 - Unauthenticated Sensitive Information Exposure