cleantalk
Vulnerabilities and Security Researches

Smart Forms – when you need more than just a contact form, CVE-2023-7203

CVE, Research URL

CVE-2023-7203

Home page URL

Security reports for Smart Forms – when you need more than just a contact form

Application

Smart Forms – when you need more than just a contact form

Published on
Feb 27, 2024
Research Description
The Smart Forms WordPress plugin before 2.6.87 does not have authorisation in various AJAX actions, which could allow users with a role as low as subscriber to call them and perform unauthorised actions such as deleting entries. The plugin also lacks CSRF checks in some places which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as deleting entries.
Affected versions
max 2.6.87.
Status
vulnerable
Previous vulnerability researches
GatorMail SmartForms (CVE-2024-11386) , Jan 12, 2025
Smart Forms – when you need more than just a contact form (CVE-2024-1905) , Jun 07, 2024
Smart Forms – when you need more than just a contact form (CVE-2023-7203) , Jun 07, 2024
Smart Forms – when you need more than just a contact form (CVE-2024-1307) , Jun 07, 2024
Smart Forms – when you need more than just a contact form (CVE-2024-1306) , Jun 07, 2024
New vulnerability
VI: Include Post By (CVE-2026-5717) , Apr 17, 2026
Responsive Accordion Slider (CVE-2026-0635) , Apr 17, 2026
Petje.af (CVE-2026-4002) , Apr 17, 2026
LinkedIn SC (CVE-2026-0812) , Apr 17, 2026
Coachific Shortcode (CVE-2026-4005) , Apr 17, 2026