CVE-2022-0163

Summary

The Smart Forms WordPress plugin before 2.6.71 does not have authorisation in its rednao_smart_forms_entries_list AJAX action, allowing any authenticated users, such as subscriber, to download arbitrary form's data, which could include sensitive information such as PII depending on the form.

Affected Software

VendorProductVersion RangeStatus
UnknownSmart Forms – when you need more than just a contact form2.6.71 < 2.6.71affected

Weaknesses

  • CWE-862: CWE-862 Missing Authorization

ADP Enrichment

CVE Program Container

Additional References

References