Description
WordPress Plugin Smart Forms-when you need more than just a contact form is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently update arbitrary options (such as default_role and users_can_register). WordPress Plugin Smart Forms-when you need more than just a contact form version 2.6.84 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.6.85 or latest
References
Related Vulnerabilities
MyBB Other Vulnerability (CVE-2007-0689)
WordPress Plugin Ceceppa Multilingua Cross-Site Scripting (1.5.17)
WordPress Plugin WP Customer Reviews Unspecified Vulnerability (3.0.7)
Tornado Improper Input Validation Vulnerability (CVE-2012-2374)
Jenkins Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-1806)