Rednao Smart_forms
8 CVEs affecting Rednao Smart_forms. Latest disclosed: 2024-12-09. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2019-5924 | High | 8.8 | 2019-03-12 | Cross-site request forgery (CSRF) vulnerability in Smart Forms 2.6.15 and earlier allows remote attackers to hijack the authentication of administrators via a… |
CVE-2023-49856 | High | 8.1 | 2024-12-09 | Missing Authorization vulnerability in EDGARROJAS Smart Forms smart-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue af… |
CVE-2024-1307 | Medium | 6.5 | 2024-04-15 | The Smart Forms WordPress plugin before 2.6.94 does not have proper authorization in some actions, which could allow users with a role as low as a subscriber… |
CVE-2022-0163 | Medium | 6.5 | 2022-03-07 | The Smart Forms WordPress plugin before 2.6.71 does not have authorisation in its rednao_smart_forms_entries_list AJAX action, allowing any authenticated users… |
CVE-2023-7203 | Medium | 6.1 | 2024-02-27 | The Smart Forms WordPress plugin before 2.6.87 does not have authorisation in various AJAX actions, which could allow users with a role as low as subscriber to… |
CVE-2024-1905 | Medium | 5.9 | 2024-04-29 | The Smart Forms WordPress plugin before 2.6.96 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perf… |
CVE-2024-1306 | Medium | 5.4 | 2024-04-15 | The Smart Forms WordPress plugin before 2.6.94 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted… |
CVE-2024-33593 | Medium | 4.3 | 2024-04-29 | Missing Authorization vulnerability in RedNao Smart Forms.This issue affects Smart Forms: from n/a through 2.6.91. |