CVE-2022-0163: 
WordPress vulnerability analysis and mitigation

The vulnerability (CVE-2022-0163) affects the WordPress plugin Smart Forms versions below 2.6.71. The security flaw was discovered and publicly disclosed on February 14, 2022. This vulnerability is related to missing authorization controls in the plugin's AJAX functionality (WPScan).

The vulnerability stems from a lack of proper authorization checks in the 'rednaosmartformsentrieslist' AJAX action. The issue has been assigned CWE-862 (Missing Authorization) and received a CVSS score of 6.5 (medium severity). The security flaw allows any authenticated user, including those with subscriber-level privileges, to access and download form data through the affected AJAX endpoint (WPScan).

When exploited, this vulnerability allows authenticated users with low-privilege roles (such as subscribers) to download arbitrary form data from the system. This could result in unauthorized access to sensitive information, including personally identifiable information (PII), depending on the content stored in the forms (WPScan).

The vulnerability has been fixed in Smart Forms version 2.6.71. Users are advised to update to this version or later to protect against unauthorized data access (WPScan).