Vulnerabilities > Rednao

DATE CVE VULNERABILITY TITLE RISK
2023-08-25 CVE-2023-32603 Cross-site Scripting vulnerability in Rednao Smart Donations
Unauth.
network
low complexity
rednao CWE-79
6.1
2022-03-07 CVE-2022-0163 Missing Authorization vulnerability in Rednao Smart Forms
The Smart Forms WordPress plugin before 2.6.71 does not have authorisation in its rednao_smart_forms_entries_list AJAX action, allowing any authenticated users, such as subscriber, to download arbitrary form's data, which could include sensitive information such as PII depending on the form.
network
low complexity
rednao CWE-862
4.0
2019-03-12 CVE-2019-5924 Cross-Site Request Forgery (CSRF) vulnerability in Rednao Smart Forms
Cross-site request forgery (CSRF) vulnerability in Smart Forms 2.6.15 and earlier allows remote attackers to hijack the authentication of administrators via a specially crafted page.
network
low complexity
rednao CWE-352
8.8