Smart Forms – when you need more than just a contact form

Vulnerabilities 11Slug smart-formsLatest version 2.6.102WordPress.org →

Minimum safe version

2.6.101

Update to 2.6.101 or later to address 11 fixable vulnerabilities

Latest available2.6.102 ✓

N/A

2026-02-13< 2.6.101

Smart Forms <= 2.6.100 - Missing Authorization to Authenticated (Subscriber+) Campaign Data Exposure

Wordfence CVE

Medium 4.4

2025-05-24< 2.6.99

WordPress Smart Forms Plugin <= 2.6.98 is vulnerable to Cross Site Scripting (XSS)

EUVD Patchstack Wordfence CVE

Medium 5.9

2024-04-29< 2.6.96

CVE-2024-1905

CVE Patchstack Wordfence

Medium 4.3

2024-04-29< 2.6.92

CVE-2024-33593

CVE Patchstack Wordfence

Medium 6.5

2024-04-15< 2.6.94

CVE-2024-1307

CVE Patchstack Wordfence WPScan

Medium 5.4

2024-04-15< 2.6.94

CVE-2024-1306

CVE Patchstack Wordfence WPScan

Medium 6.1

2024-02-27< 2.6.87

CVE-2023-7203

CVE Wordfence Patchstack WPScan

High 8.1

2024-12-09< 2.6.85

CVE-2023-49856

CVE Wordfence Patchstack WPScan

N/A

2014-11-06< 2.1.1

Smart Forms – when you need more than just a contact form <= 2.1.0 - Missing Authorization

Wordfence CVE WPScan

High 8.8

2019-03-13< 2.6.16

WordPress Smart Forms plugin <= 2.5.15 - Cross-Site Request Forgery (CSRF) vulnerability

Patchstack CVE JVN Wordfence WPScan

Medium 6.5

2022-03-07< 2.6.71

CVE-2022-0163

CVE Wordfence WPScan