Description
WordPress Plugin Smart Forms-when you need more than just a contact form is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently to download arbitrary form's data, which could include sensitive information such as PII depending on the form. WordPress Plugin Smart Forms-when you need more than just a contact form version 2.6.70 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.6.71 or latest
References
https://sploitus.com/exploit?id=WPEX-ID:2B6B0731-4515-498A-82BD-D416F5885268
https://plugins.svn.wordpress.org/smart-forms/trunk/readme.txt
Related Vulnerabilities
Atlassian Jira Improper Authentication Vulnerability (CVE-2021-39119)
WordPress Plugin HTML5 jQuery Audio Player Multiple Cross-Site Scripting Vulnerabilities (2.3)
WordPress Plugin PHP Everywhere Multiple Remote Code Execution Vulnerabilities (2.0.3)
phpBB Server-Side Request Forgery (SSRF) Vulnerability (CVE-2020-8226)
Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2011-4133)