Description

WordPress Plugin Smart Forms-when you need more than just a contact form is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently to download arbitrary form's data, which could include sensitive information such as PII depending on the form. WordPress Plugin Smart Forms-when you need more than just a contact form version 2.6.70 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 2.6.71 or latest

References

https://sploitus.com/exploit?id=WPEX-ID:2B6B0731-4515-498A-82BD-D416F5885268

https://plugins.svn.wordpress.org/smart-forms/trunk/readme.txt

Related Vulnerabilities

Moodle Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2023-35132)

Apache HTTP Server Numeric Errors Vulnerability (CVE-2003-1580)

WordPress Plugin Smart Google Code Inserter Multiple Vulnerabilities (3.4)

IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-29713)

WordPress Plugin Anti-Malware Security and Brute-Force Firewall Local File Inclusion (4.18.63)

Severity

High

Classification

CVE-2022-0163 CWE-862 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Authentication Bypass