Report
The Smart Forms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the smart_forms_save_settings() function, which is hooked via AJAX, in versions up to and including 2.6.84. This makes it possible for authenticated attackers with subscriber-level access or above to update arbitrary options, which can be used for remote code execution.
Score: 8.1
Severity: High
Version: 2.6.84
There is a patch available in v2.6.85 and we strongly recommend you update to this version as soon as possible.
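
For plugin authors reviewing their own AJAX handlers for the same class of bug, the following is an added example, not code from Smart Forms or its patch. It shows a settings handler with the authorization check the report describes as missing, plus a nonce check and an option allow-list. The action name example_save_settings, the nonce field name, and the option names are assumptions made for illustration.

```php
<?php
/**
 * Plugin Name: Example hardened AJAX settings handler (illustration only)
 */

// wp_ajax_{action} callbacks run for every logged-in user, subscribers
// included, so the callback itself has to enforce authorization.
add_action( 'wp_ajax_example_save_settings', 'example_save_settings' );

// Hypothetical allow-list: the only options this handler may write,
// each mapped to the sanitizer applied to its value.
function example_allowed_options() {
    return array(
        'example_form_email'   => 'sanitize_email',
        'example_form_subject' => 'sanitize_text_field',
    );
}

function example_save_settings() {
    // 1. CSRF protection: stops with a 403 if the nonce is missing or invalid.
    check_ajax_referer( 'example_save_settings', 'nonce' );

    // 2. Capability check: only users allowed to manage site options proceed.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    // 3. Never pass a client-supplied option name straight to update_option():
    //    accept only names on the allow-list.
    $name    = isset( $_POST['name'] ) ? sanitize_key( wp_unslash( $_POST['name'] ) ) : '';
    $allowed = example_allowed_options();
    if ( ! isset( $allowed[ $name ] ) ) {
        wp_send_json_error( array( 'message' => 'Unknown setting' ), 400 );
    }

    // 4. Reject non-string values (e.g. arrays) and sanitize per option.
    $raw = isset( $_POST['value'] ) ? wp_unslash( $_POST['value'] ) : '';
    if ( ! is_string( $raw ) ) {
        wp_send_json_error( array( 'message' => 'Invalid value' ), 400 );
    }

    update_option( $name, call_user_func( $allowed[ $name ], $raw ) );
    wp_send_json_success( array( 'updated' => $name ) );
}
```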