PT-2026-8088 · WordPress · Smart Forms
Lukasz Sobanski
Published: 2026-02-14
Updated: 2026-02-14
CVE-2026-2022
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Smart Forms plugin for WordPress versions prior to 2.7.0
Description
The Smart Forms plugin for WordPress has a flaw that allows unauthorized access to data. This is due to a missing capability check on the 'rednao smart forms get campaigns' AJAX action. Attackers with Subscriber-level access or higher can retrieve donation campaign data, including campaign IDs and names. The affected API endpoint is rednao smart forms get campaigns.
Recommendations
Update the Smart Forms plugin to version 2.7.0 or later.
Fix
Missing Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Smart Forms