Security Advisory

CVE-2022-0163

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-03-07 08:16:22

Last updated 2024-08-02 23:18:41

Assigner WPScan

State PUBLISHED

Description

The Smart Forms WordPress plugin before 2.6.71 does not have authorisation in its rednao_smart_forms_entries_list AJAX action, allowing any authenticated users, such as subscriber, to download arbitrary forms data, which could include sensitive information such as PII depending on the form.

← Browse all CVEs View on cve.org ↗