Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

117 matches found

RedhatCVE
RedhatCVEadded 2026/02/15 7:10 a.m.9 views

CVE-2026-2022

The Smart Forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'rednaosmartformsgetcampaigns' AJAX action in all versions up to, and including, 2.6.99. This makes it possible for authenticated attackers, with Subscriber-level access and...

4.3CVSS5.5AI score0.00252EPSS
Exploits0References1
NVD
NVDadded 2026/02/14 7:16 a.m.7 views

CVE-2026-2022

The Smart Forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'rednaosmartformsgetcampaigns' AJAX action in all versions up to, and including, 2.6.99. This makes it possible for authenticated attackers, with Subscriber-level access and...

4.3CVSS0.00252EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/02/14 6:42 a.m.3 views

CVE-2026-2022 Smart Forms <= 2.6.99 - Missing Authorization to Authenticated (Subscriber+) Campaign Data Exposure

The Smart Forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'rednaosmartformsgetcampaigns' AJAX action in all versions up to, and including, 2.6.99. This makes it possible for authenticated attackers, with Subscriber-level access and...

4.3CVSS5.5AI score0.00252EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/02/14 6:42 a.m.24 views

CVE-2026-2022 Smart Forms <= 2.6.99 - Missing Authorization to Authenticated (Subscriber+) Campaign Data Exposure

The Smart Forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'rednaosmartformsgetcampaigns' AJAX action in all versions up to, and including, 2.6.99. This makes it possible for authenticated attackers, with Subscriber-level access and...

4.3CVSS0.00252EPSS
Exploits0References3
ATTACKERKB
ATTACKERKBadded 2026/02/14 6:42 a.m.3 views

CVE-2026-2022

The Smart Forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'rednaosmartformsgetcampaigns' AJAX action in all versions up to, and including, 2.6.99. This makes it possible for authenticated attackers, with Subscriber-level access and...

4.3CVSS5.5AI score0.00252EPSS
Exploits0References4
CVE
CVEadded 2026/02/14 6:42 a.m.19 views

CVE-2026-2022

CVE-2026-2022 concerns WordPress plugin Smart Forms. The vulnerability is a missing capability check on the AJAX action rednao_smart_forms_get_campaigns, affecting all versions up to and including 2.6.99. This allows authenticated attackers with Subscriber-level access and above to retrieve donat...

4.3CVSS5.5AI score0.00252EPSS
Exploits0References3
CNNVD
CNNVDadded 2026/02/14 12:0 a.m.5 views

WordPress plugin Smart Forms 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.8AI score0.00252EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/02/14 12:0 a.m.6 views

PT-2026-8088

The Smart Forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'rednao smart forms get campaigns' AJAX action in all versions up to, and including, 2.6.99. This makes it possible for authenticated attackers, with Subscriber-level access...

4.3CVSS5.5AI score0.00252EPSS
Exploits0References4
Patchstack
Patchstackadded 2026/02/13 11:18 p.m.4 views

WordPress Smart Forms plugin <= 2.6.99 - Missing Authorization to Authenticated (Subscriber+) Campaign Data Exposure vulnerability

Missing Authorization to Authenticated Subscriber+ Campaign Data Exposure vulnerability discovered by lucsob in WordPress Plugin Smart Forms versions = 2.6.99...

4.3CVSS5.5AI score0.00252EPSS
Exploits0References1Affected Software1
EUVD
EUVDadded 2025/10/07 12:30 a.m.3 views

EUVD-2019-15492

Malware in sbrugna...

8.8CVSS5.9AI score0.0116EPSS
Exploits0References4
EUVD
EUVDadded 2025/10/03 8:7 p.m.3 views

EUVD-2023-53764

Malicious code in bioql PyPI...

8.8CVSS9.1AI score0.00512EPSS
Exploits0References1
EUVD
EUVDadded 2025/10/03 8:7 p.m.4 views

EUVD-2022-15371

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00973EPSS
Exploits2References1
EUVD
EUVDadded 2025/10/03 8:7 p.m.3 views

EUVD-2025-28372

Malicious code in bioql PyPI...

4.4CVSS5AI score0.00241EPSS
Exploits0References2
EUVD
EUVDadded 2025/10/03 8:7 p.m.3 views

EUVD-2024-31330

Malicious code in bioql PyPI...

4.3CVSS6.4AI score0.0034EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/05/26 3:1 a.m.21 views

CVE-2025-5055

The Smart Forms – when you need more than just a contact form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.6.98 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

4.4CVSS5.8AI score0.00241EPSS
Exploits0References1
NVD
NVDadded 2025/05/24 3:15 a.m.11 views

CVE-2025-5055

The Smart Forms – when you need more than just a contact form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.6.98 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

4.4CVSS0.00241EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2025/05/24 2:23 a.m.6 views

CVE-2025-5055 Smart Forms <= 2.6.98 - Authenticated (Admin+) Stored Cross-Site Scripting

The Smart Forms – when you need more than just a contact form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.6.98 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

4.4CVSS4.4AI score0.00241EPSS
Exploits0References3
Cvelist
Cvelistadded 2025/05/24 2:23 a.m.28 views

CVE-2025-5055 Smart Forms <= 2.6.98 - Authenticated (Admin+) Stored Cross-Site Scripting

The Smart Forms – when you need more than just a contact form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.6.98 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

4.4CVSS0.00241EPSS
Exploits0References3
CVE
CVEadded 2025/05/24 2:23 a.m.58 views

CVE-2025-5055

CVE-2025-5055 affects the WordPress plugin Smart Forms (versions up to 2.6.98). The root cause is insufficient input sanitization and output escaping in admin settings, enabling stored XSS. Exploitation requires authenticated admin+ privileges and can inject scripts that execute when users load i...

4.4CVSS4.4AI score0.00241EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2025/05/24 12:0 a.m.3 views

PT-2025-22834 · Unknown · Smart Forms

Name of the Vulnerable Software and Affected Versions: The Smart Forms versions up to, and including, 2.6.98 Description: The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. This allows authenticated attackers with...

4.4CVSS4.4AI score0.00241EPSS
Exploits0References6
Rows per page
Query Builder