CVE-2022-0163 - Missing Authorization vulnerability in Rednao Smart Forms

CVSS 4.0 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: SINGLE
Confidentiality impact: PARTIAL
Integrity impact: NONE
Availability impact: NONE
Tags: network, low complexity, rednao, CWE-862

Summary

The Smart Forms WordPress plugin before 2.6.71 does not have authorisation in its rednao_smart_forms_entries_list AJAX action, allowing any authenticated user, such as a subscriber, to download the data of arbitrary forms, which could include sensitive information such as PII, depending on the form.

Vulnerable Configurations

Part         Description  Count
Application  Rednao       90

Common Weakness Enumeration (CWE)