The Smart Forms WordPress plugin before 2.6.71 does not have authorisation in its rednao_smart_forms_entries_list AJAX action, allowing any authenticated users, such as subscriber, to download arbitrary form’s data, which could include sensitive information such as PII depending on the form.

Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku

Kaynak: National Vulnerability Database