Arbitrary Data Download Vulnerability in Smart Forms WordPress Plugin

CVE-2022-0163 · MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

The Smart Forms WordPress plugin before 2.6.71 performs no authorisation check in its rednao_smart_forms_entries_list AJAX action, allowing any authenticated user, such as a subscriber, to download the data of arbitrary forms, which could include sensitive information such as PII depending on the form.
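To check whether the action was called on a site that ran an affected version, the web server access log can be searched for it. The following is an added example, not code from the plugin or from this advisory: it scans Combined Log Format lines for admin-ajax.php requests naming the action and groups them by client IP. It assumes the action name appears in the query string (calls that send it in a POST body are not visible in access logs), and `admin_ips` is a hypothetical allowlist of addresses administrators use.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

ACTION = "rednao_smart_forms_entries_list"  # AJAX action named in the advisory

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def find_entry_list_calls(lines, admin_ips=frozenset()):
    """Return {ip: [(time, status, bytes), ...]} for calls to ACTION from non-admin IPs."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or non-matching log line
        url = urlsplit(m["target"])
        if not url.path.endswith("/wp-admin/admin-ajax.php"):
            continue
        if ACTION not in parse_qs(url.query).get("action", []):
            continue  # a different AJAX action, or action sent in the POST body
        if m["ip"] in admin_ips:
            continue  # administrators are expected to list form entries
        size = 0 if m["size"] == "-" else int(m["size"])
        hits[m["ip"]].append((m["time"], int(m["status"]), size))
    return dict(hits)

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Jan/2022:10:01:02 +0000] "GET /wp-admin/admin-ajax.php?action=rednao_smart_forms_entries_list HTTP/1.1" 200 48211 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [10/Jan/2022:10:02:00 +0000] "GET /wp-admin/admin-ajax.php?action=rednao_smart_forms_entries_list HTTP/1.1" 200 48211 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Jan/2022:10:03:00 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 64 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Jan/2022:10:05:00 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    'not a log line',
]

if __name__ == "__main__":
    for ip, calls in find_entry_list_calls(SAMPLE_LOG, admin_ips={"192.0.2.10"}).items():
        print(ip, calls)
```

A hit only shows that the action was requested; the access log does not record the WordPress role of the caller, so each flagged address still has to be matched to a user account.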