cleantalk
Vulnerabilities and Security Researches

Smart Forms – when you need more than just a contact form, CVE-2024-1905

CVE, Research URL

CVE-2024-1905

Home page URL

Security reports for Smart Forms – when you need more than just a contact form

Application

Smart Forms – when you need more than just a contact form

Published on
Apr 29, 2024
Research Description
The Smart Forms WordPress plugin before 2.6.96 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Affected versions
max 2.6.96.
Status
vulnerable
Previous vulnerability researches
GatorMail SmartForms (CVE-2024-11386) , Jan 12, 2025
Smart Forms – when you need more than just a contact form (CVE-2024-1905) , Jun 07, 2024
Smart Forms – when you need more than just a contact form (CVE-2023-7203) , Jun 07, 2024
Smart Forms – when you need more than just a contact form (CVE-2024-1307) , Jun 07, 2024
Smart Forms – when you need more than just a contact form (CVE-2024-1306) , Jun 07, 2024
New vulnerability
VI: Include Post By (CVE-2026-5717) , Apr 17, 2026
Responsive Accordion Slider (CVE-2026-0635) , Apr 17, 2026
Petje.af (CVE-2026-4002) , Apr 17, 2026
LinkedIn SC (CVE-2026-0812) , Apr 17, 2026
Coachific Shortcode (CVE-2026-4005) , Apr 17, 2026