CVE-2022-0163

CVE-2022-0163: Smart Forms < 2.6.71 - Subscriber+ Form Data Download

Vendor Unknown
Product Smart Forms – when you need more than just a contact form
Weakness CWE-862 · Missing authorization
Published March 7, 2022
Last update August 2, 2024

CVSS base score

What the vulnerability does

01Description

The Smart Forms WordPress plugin before 2.6.71 does not have authorisation in its rednao_smart_forms_entries_list AJAX action, allowing any authenticated users, such as subscriber, to download arbitrary form's data, which could include sensitive information such as PII depending on the form.

Key dates

02Disclosure timeline

March 7, 2022 CVE published
August 2, 2024 Record updated

Related vulnerabilities

04Related CVE