Rednao Smart_forms

8 CVEs affecting Rednao Smart_forms. Latest disclosed: 2024-12-09. Critical: 0, High: 2.

Top CVEs affecting Rednao Smart_forms
CVESeverityScorePublishedSummary
CVE-2019-5924High8.82019-03-12Cross-site request forgery (CSRF) vulnerability in Smart Forms 2.6.15 and earlier allows remote attackers to hijack the authentication of administrators via a…
CVE-2023-49856High8.12024-12-09Missing Authorization vulnerability in EDGARROJAS Smart Forms smart-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue af…
CVE-2024-1307Medium6.52024-04-15The Smart Forms WordPress plugin before 2.6.94 does not have proper authorization in some actions, which could allow users with a role as low as a subscriber…
CVE-2022-0163Medium6.52022-03-07The Smart Forms WordPress plugin before 2.6.71 does not have authorisation in its rednao_smart_forms_entries_list AJAX action, allowing any authenticated users…
CVE-2023-7203Medium6.12024-02-27The Smart Forms WordPress plugin before 2.6.87 does not have authorisation in various AJAX actions, which could allow users with a role as low as subscriber to…
CVE-2024-1905Medium5.92024-04-29The Smart Forms WordPress plugin before 2.6.96 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perf…
CVE-2024-1306Medium5.42024-04-15The Smart Forms WordPress plugin before 2.6.94 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted…
CVE-2024-33593Medium4.32024-04-29Missing Authorization vulnerability in RedNao Smart Forms.This issue affects Smart Forms: from n/a through 2.6.91.