WordPress Plugin Vulnerabilities

Smart Forms < 2.6.16 - Cross-Site Request Forgery (CSRF)

Description

The Smart Forms – when you need more than just a contact form WordPress plugin was affected by a Cross-Site Request Forgery (CSRF) security vulnerability.

Affects Plugins

Plugin icon
smart-forms
Fixed in 2.6.16

References

CVE
CVE-2019-5924
URL
https://jvn.jp/jp/JVN97656108/index.html

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
8.8 (high)

Miscellaneous

Original Researcher
Toshiharu Sugiyama
Submitter
Ryan Dewhurst
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
7d651adb-4c02-4928-9aa3-5726735116c7

Timeline

Publicly Published
2019-02-28 (about 7 years ago)
Added
2019-03-13 (about 7 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2025-05-16
Title
Audio Comments Plugin <= 1.0.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2024-12-10
Title
WPC Order Notes for WooCommerce < 1.5.3 - Cross-Site Request Forgery to Reflected Cross-Site Scripting
Published
2025-04-17
Title
Simple Maps < 0.99 - Cross-Site Request Forgery
Published
2023-03-14
Title
LOGIN AND REGISTRATION ATTEMPTS LIMIT <= 2.1 - Cross-Site Request Forgery (CSRF)
Published
2021-12-09
Title
Accept Donations with PayPal < 1.3.4 - Arbitrary Post Deletion via CSRF