Description

WordPress Plugin Smart Forms-when you need more than just a contact form is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently to download arbitrary form's data, which could include sensitive information such as PII depending on the form. WordPress Plugin Smart Forms-when you need more than just a contact form version 2.6.70 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 2.6.71 or latest

References

https://sploitus.com/exploit?id=WPEX-ID:2B6B0731-4515-498A-82BD-D416F5885268

https://plugins.svn.wordpress.org/smart-forms/trunk/readme.txt

Related Vulnerabilities

MySQL Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2018-0735)

WordPress Plugin WP ULike Cross-Site Scripting (3.1)

PrestaShop Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-2517)

WordPress Plugin Gravity Forms Advanced File Uploader Unspecified Vulnerability (1.18)

jQuery Validation Other Vulnerability (CVE-2022-31147)

Severity

High

Classification

CVE-2022-0163 CWE-862 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Authentication Bypass