The Smart Forms WordPress plugin before 2.6.71 does not have authorisation in its rednao_smart_forms_entries_list AJAX action, allowing any authenticated users, such as subscriber, to download arbitrary form's data, which could include sensitive information such as PII depending on the form.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2022-03-07T08:16:22

Updated: 2024-08-02T23:18:41.802Z

Reserved: 2022-01-10T00:00:00

Link: CVE-2022-0163

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-03-07T09:15:08.937

Modified: 2024-11-21T06:38:03.010

Link: CVE-2022-0163

cve-icon Redhat

No data.