Amir Hossein Fallahi

**Name of the Vulnerable Software and Affected Versions** The Smart Forms WordPress plugin versions prior to 2.6.94 **Description** The issue is related to the lack of CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as editing entries. This is considered a medium risk. **Recommendations** For versions prior to 2.6.94, update to version 2.6.94 or later to resolve the issue. As a temporary workaround, consider implementing additional CSRF protection measures to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The Smart Forms WordPress plugin versions prior to 2.6.94 **Description** The issue is related to improper authorization in some actions within the plugin, allowing users with a low role, such as a subscriber, to perform unauthorized actions. **Recommendations** For versions prior to 2.6.94, update to version 2.6.94 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive actions and functionality to higher-role users until the update can be applied.

**Name of the Vulnerable Software and Affected Versions** Axigen versions 10.3.3.0 through 10.3.3.59 Axigen versions 10.4.0 through 10.4.19 Axigen versions 10.5.0 through 10.5.5 **Description** The issue is a Cross Site Scripting (XSS) vulnerability that allows authenticated attackers to execute arbitrary code and obtain sensitive information via the logic for switching between the Standard and Ajax versions. **Recommendations** For Axigen versions 10.3.3.0 through 10.3.3.59, update to version 10.3.3.59 or later. For Axigen versions 10.4.0 through 10.4.19, update to version 10.4.19 or later. For Axigen versions 10.5.0 through 10.5.5, update to version 10.5.5 or later.