CVE-2022-0163
N/A
N/A
Summary
The Smart Forms WordPress plugin before 2.6.71 does not have authorisation in its rednao_smart_forms_entries_list AJAX action, allowing any authenticated users, such as subscriber, to download arbitrary form's data, which could include sensitive information such as PII depending on the form.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Unknown | Smart Forms – when you need more than just a contact form | 2.6.71 < 2.6.71 | affected |
Weaknesses
- CWE-862: CWE-862 Missing Authorization
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.