117 matches found
PT-2025-22834 · Unknown · Smart Forms
Name of the Vulnerable Software and Affected Versions: The Smart Forms versions up to, and including, 2.6.98 Description: The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. This allows authenticated attackers with...
WordPress Smart Forms plugin <= 2.6.98 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability
Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Joel Indra in WordPress Plugin Smart Forms versions = 2.6.98...
CVE-2024-1306
The Smart Forms WordPress plugin before 2.6.94 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as editing entries, and we consider it a medium risk...
CVE-2024-33593
Missing Authorization vulnerability in RedNao Smart Forms.This issue affects Smart Forms: from n/a through 2.6.91...
CVE-2024-1905
The Smart Forms WordPress plugin before 2.6.96 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-49856
Missing Authorization vulnerability in EDGARROJAS Smart Forms smart-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Forms: from n/a through = 2.6.84...
CVE-2022-0163
The Smart Forms WordPress plugin before 2.6.71 does not have authorisation in its rednaosmartformsentrieslist AJAX action, allowing any authenticated users, such as subscriber, to download arbitrary form's data, which could include sensitive information such as PII depending on the form...
CVE-2020-6205
SAP NetWeaver AS ABAP Business Server Pages Smart Forms, SAPBASIS versions- 7.00, 7.01, 7.02, 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, 7.51, 7.52, 7.53, 7.54; does not sufficiently encode user controlled inputs, allowing an unauthenticated attacker to non-permanently deface or modify displayed content...
CVE-2023-49856
Missing Authorization vulnerability in RedNao Smart Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Forms: from n/a through 2.6.84...
CVE-2023-49856
Missing Authorization vulnerability in EDGARROJAS Smart Forms smart-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Forms: from n/a through = 2.6.84...
CVE-2023-49856 WordPress Smart Forms plugin <= 2.6.84 - Authenticated Arbitrary Options Change Vulnerability
Missing Authorization vulnerability in EDGARROJAS Smart Forms smart-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Forms: from n/a through = 2.6.84...
CVE-2023-49856 WordPress Smart Forms plugin <= 2.6.84 - Authenticated Arbitrary Options Change Vulnerability
Missing Authorization vulnerability in EDGARROJAS Smart Forms smart-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Forms: from n/a through = 2.6.84...
WordPress plugin Smart Forms 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
Smart Forms < 2.6.92 - Missing Authorization to Notice Dismissal
Description The Smart Forms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rednaosmartformsdontshowagain function in versions up to, and including, 2.6.91. This makes it possible for authenticated attackers, with subscriber-level...
WordPress Smart Forms plugin < 2.6.96 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Smart Forms versions 2.6.96...
CVE-2024-33593
Missing Authorization vulnerability in RedNao Smart Forms.This issue affects Smart Forms: from n/a through 2.6.91...
CVE-2024-33593
Missing Authorization vulnerability in RedNao Smart Forms.This issue affects Smart Forms: from n/a through 2.6.91...
CVE-2024-33593 WordPress Smart Forms plugin <= 2.6.91 - Broken Access Control vulnerability
Missing Authorization vulnerability in RedNao Smart Forms.This issue affects Smart Forms: from n/a through 2.6.91...
CVE-2024-33593
CVE-2024-33593: Missing Authorization vulnerability in RedNao Smart Forms affecting Smart Forms up to version 2.6.91. Connected Red Hat entry confirms the issue description; no publicly documented exploitation details, impact specifics, or remediation in the provided documents. The known issue is...
CVE-2024-33593 WordPress Smart Forms plugin <= 2.6.91 - Broken Access Control vulnerability
Missing Authorization vulnerability in RedNao Smart Forms.This issue affects Smart Forms: from n/a through 2.6.91...