Lucene search
K

117 matches found

Positive Technologies
Positive Technologies
added 2025/05/24 12:0 a.m.6 views

PT-2025-22834 · Unknown · Smart Forms

Name of the Vulnerable Software and Affected Versions: The Smart Forms versions up to, and including, 2.6.98 Description: The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. This allows authenticated attackers with...

4.4CVSS4.4AI score0.00241EPSS
Exploits0References6
Patchstack
Patchstack
added 2025/05/23 9:45 p.m.9 views

WordPress Smart Forms plugin <= 2.6.98 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability

Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Joel Indra in WordPress Plugin Smart Forms versions = 2.6.98...

4.4CVSS5.5AI score0.00241EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 8:22 a.m.8 views

CVE-2024-1306

The Smart Forms WordPress plugin before 2.6.94 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as editing entries, and we consider it a medium risk...

5.4CVSS6.7AI score0.00226EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:18 a.m.13 views

CVE-2024-33593

Missing Authorization vulnerability in RedNao Smart Forms.This issue affects Smart Forms: from n/a through 2.6.91...

4.3CVSS5.1AI score0.0034EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:17 a.m.7 views

CVE-2024-1905

The Smart Forms WordPress plugin before 2.6.96 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.6AI score0.0047EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:36 a.m.7 views

CVE-2023-49856

Missing Authorization vulnerability in EDGARROJAS Smart Forms smart-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Forms: from n/a through = 2.6.84...

8.8CVSS7.3AI score0.00522EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:26 p.m.9 views

CVE-2022-0163

The Smart Forms WordPress plugin before 2.6.71 does not have authorisation in its rednaosmartformsentrieslist AJAX action, allowing any authenticated users, such as subscriber, to download arbitrary form's data, which could include sensitive information such as PII depending on the form...

6.5CVSS6.5AI score0.00973EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:30 p.m.5 views

CVE-2020-6205

SAP NetWeaver AS ABAP Business Server Pages Smart Forms, SAPBASIS versions- 7.00, 7.01, 7.02, 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, 7.51, 7.52, 7.53, 7.54; does not sufficiently encode user controlled inputs, allowing an unauthenticated attacker to non-permanently deface or modify displayed content...

6.1CVSS6.4AI score0.00749EPSS
Exploits0References1
OSV
OSV
added 2024/12/09 1:15 p.m.3 views

CVE-2023-49856

Missing Authorization vulnerability in RedNao Smart Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Forms: from n/a through 2.6.84...

8.8CVSS5.8AI score0.00522EPSS
Exploits0References1
NVD
NVD
added 2024/12/09 1:15 p.m.16 views

CVE-2023-49856

Missing Authorization vulnerability in EDGARROJAS Smart Forms smart-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Forms: from n/a through = 2.6.84...

8.8CVSS0.00522EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/12/09 11:30 a.m.15 views

CVE-2023-49856 WordPress Smart Forms plugin <= 2.6.84 - Authenticated Arbitrary Options Change Vulnerability

Missing Authorization vulnerability in EDGARROJAS Smart Forms smart-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Forms: from n/a through = 2.6.84...

8.1CVSS8.5AI score0.00522EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/12/09 11:30 a.m.18 views

CVE-2023-49856 WordPress Smart Forms plugin <= 2.6.84 - Authenticated Arbitrary Options Change Vulnerability

Missing Authorization vulnerability in EDGARROJAS Smart Forms smart-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Forms: from n/a through = 2.6.84...

8.1CVSS0.00522EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/12/09 12:0 a.m.4 views

WordPress plugin Smart Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

8.8CVSS8.7AI score0.00522EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/01 12:0 a.m.21 views

Smart Forms < 2.6.92 - Missing Authorization to Notice Dismissal

Description The Smart Forms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rednaosmartformsdontshowagain function in versions up to, and including, 2.6.91. This makes it possible for authenticated attackers, with subscriber-level...

4.3CVSS6.7AI score0.0034EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/04/29 12:5 p.m.4 views

WordPress Smart Forms plugin < 2.6.96 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Smart Forms versions 2.6.96...

5.9CVSS6.1AI score0.0047EPSS
Exploits2References1Affected Software1
OSV
OSV
added 2024/04/29 10:15 a.m.3 views

CVE-2024-33593

Missing Authorization vulnerability in RedNao Smart Forms.This issue affects Smart Forms: from n/a through 2.6.91...

4.3CVSS5.8AI score0.0034EPSS
Exploits0References1
NVD
NVD
added 2024/04/29 10:15 a.m.26 views

CVE-2024-33593

Missing Authorization vulnerability in RedNao Smart Forms.This issue affects Smart Forms: from n/a through 2.6.91...

4.3CVSS4.7AI score0.0034EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/04/29 10:9 a.m.18 views

CVE-2024-33593 WordPress Smart Forms plugin <= 2.6.91 - Broken Access Control vulnerability

Missing Authorization vulnerability in RedNao Smart Forms.This issue affects Smart Forms: from n/a through 2.6.91...

4.3CVSS6.9AI score0.0034EPSS
Exploits0References1
CVE
CVE
added 2024/04/29 10:9 a.m.63 views

CVE-2024-33593

CVE-2024-33593: Missing Authorization vulnerability in RedNao Smart Forms affecting Smart Forms up to version 2.6.91. Connected Red Hat entry confirms the issue description; no publicly documented exploitation details, impact specifics, or remediation in the provided documents. The known issue is...

4.3CVSS5.1AI score0.0034EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/04/29 10:9 a.m.33 views

CVE-2024-33593 WordPress Smart Forms plugin <= 2.6.91 - Broken Access Control vulnerability

Missing Authorization vulnerability in RedNao Smart Forms.This issue affects Smart Forms: from n/a through 2.6.91...

4.3CVSS5AI score0.0034EPSS
Exploits0References1
Rows per page
Query Builder