Every CVE whose affected-product data names Rednao Smart Forms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2019-5924 — CVSS 8.8 (high): Cross-site request forgery (CSRF) vulnerability in Smart Forms 2.6.15 and earlier allows remote attackers to hijack the authentication of…
CVE-2023-49856 — CVSS 8.1 (high): Missing Authorization vulnerability in EDGARROJAS Smart Forms smart-forms allows Exploiting Incorrectly Configured Access Control Security…
CVE-2022-0163 — CVSS 6.5 (medium): The Smart Forms WordPress plugin before 2.6.71 does not have authorisation in its rednao_smart_forms_entries_list AJAX action, allowing any…
CVE-2024-1307 — CVSS 6.5 (medium): The Smart Forms WordPress plugin before 2.6.94 does not have proper authorization in some actions, which could allow users with a role as…
CVE-2023-7203 — CVSS 6.1 (medium): The Smart Forms WordPress plugin before 2.6.87 does not have authorisation in various AJAX actions, which could allow users with a role as…
CVE-2024-1905 — CVSS 5.9 (medium): The Smart Forms WordPress plugin before 2.6.96 does not sanitise and escape some of its settings, which could allow high privilege users…
CVE-2024-1306 — CVSS 5.4 (medium): The Smart Forms WordPress plugin before 2.6.94 does not have CSRF checks in some places, which could allow attackers to make logged-in…
CVE-2024-33593 — CVSS 4.3 (medium): Missing Authorization vulnerability in RedNao Smart Forms.This issue affects Smart Forms: from n/a through 2.6.91.