Smart Forms
by Rednao
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-49856 | Hig | 0.53 | 8.1 | 0.01 | Dec 9, 2024 | Missing Authorization vulnerability in EDGARROJAS Smart Forms smart-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Forms: from n/a through <= 2.6.84. | ||
| CVE-2026-2022 | Med | 0.28 | 4.3 | 0.00 | Feb 14, 2026 | The Smart Forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'rednao_smart_forms_get_campaigns' AJAX action in all versions up to, and including, 2.6.99. This makes it possible for authenticated attackers, with… | ||
| CVE-2024-33593 | Med | 0.28 | 4.3 | 0.00 | Apr 29, 2024 | Missing Authorization vulnerability in RedNao Smart Forms.This issue affects Smart Forms: from n/a through 2.6.91. | ||
| CVE-2019-5924 | 0.00 | — | 0.01 | Mar 12, 2019 | Cross-site request forgery (CSRF) vulnerability in Smart Forms 2.6.15 and earlier allows remote attackers to hijack the authentication of administrators via a specially crafted page. |
- risk 0.53cvss 8.1epss 0.01
Missing Authorization vulnerability in EDGARROJAS Smart Forms smart-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Forms: from n/a through <= 2.6.84.
- risk 0.28cvss 4.3epss 0.00
The Smart Forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'rednao_smart_forms_get_campaigns' AJAX action in all versions up to, and including, 2.6.99. This makes it possible for authenticated attackers, with…
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in RedNao Smart Forms.This issue affects Smart Forms: from n/a through 2.6.91.
- CVE-2019-5924Mar 12, 2019risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in Smart Forms 2.6.15 and earlier allows remote attackers to hijack the authentication of administrators via a specially crafted page.