2 matches found
CVE-2022-0163
The Smart Forms WordPress plugin before 2.6.71 does not have authorisation in its rednaosmartformsentrieslist AJAX action, allowing any authenticated users, such as subscriber, to download arbitrary form's data, which could include sensitive information such as PII depending on the form...
CVE-2022-0163
CVE-2022-0163 concerns the WordPress plugin Smart Forms prior to 2.6.71, which exposes the rednao_smart_forms_entries_list AJAX endpoint without proper authorization. This allows any authenticated user (e.g., a subscriber) to download arbitrary form data, potentially exposing sensitive informatio...