cleantalk
Vulnerabilities and Security Researches

Smart Forms – when you need more than just a contact form, CVE-2022-0163

CVE, Research URL

CVE-2022-0163

Home page URL

Security reports for Smart Forms – when you need more than just a contact form

Application

Smart Forms – when you need more than just a contact form

Published on
Mar 07, 2022
Research Description
The Smart Forms WordPress plugin before 2.6.71 does not have authorisation in its rednao_smart_forms_entries_list AJAX action, allowing any authenticated users, such as subscriber, to download arbitrary form's data, which could include sensitive information such as PII depending on the form.
Affected versions
max 2.6.71.
Status
vulnerable
Previous vulnerability researches
GatorMail SmartForms (CVE-2024-11386) , Jan 12, 2025
Smart Forms – when you need more than just a contact form (CVE-2024-1905) , Jun 07, 2024
Smart Forms – when you need more than just a contact form (CVE-2023-7203) , Jun 07, 2024
Smart Forms – when you need more than just a contact form (CVE-2024-1307) , Jun 07, 2024
Smart Forms – when you need more than just a contact form (CVE-2024-1306) , Jun 07, 2024
New vulnerability
Popup Box – new WordPress popup plugin (CVE-2025-12122) , Apr 19, 2026
KiviCare – Clinic & Patient Management System (EHR) (CVE-2026-0927) , Apr 19, 2026
Terms Dictionary (CVE-2025-39534) , Apr 19, 2026
Quiz Maker (CVE-2025-58015) , Apr 19, 2026
Canto (CVE-2026-6441) , Apr 19, 2026