Description
WordPress Plugin Smart Forms-when you need more than just a contact form is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently to download arbitrary form's data, which could include sensitive information such as PII depending on the form. WordPress Plugin Smart Forms-when you need more than just a contact form version 2.6.70 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.6.71 or latest
References
https://sploitus.com/exploit?id=WPEX-ID:2B6B0731-4515-498A-82BD-D416F5885268
https://plugins.svn.wordpress.org/smart-forms/trunk/readme.txt
Related Vulnerabilities
Python Incorrect Conversion between Numeric Types Vulnerability (CVE-2008-1721)
MySQL CVE-2015-4913 Vulnerability (CVE-2015-4913)
WordPress Plugin Jetpack-WP Security, Backup, Speed, & Growth Cross-Site Scripting (3.5.2)
PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2007-5447)
Drupal Core 4.6.x Form Action Attribute Injection (4.6.0 - 4.6.9)