CVE-2024-10647

The WS Form LITE – Drag & Drop Contact Form Builder for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of removequeryarg without appropriate escaping on the URL in all versions up to, and including, 1.9.244. This makes it possible for unauthenticated...

WordPress plugin WS Form LITE 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

PT-2024-16429 · WordPress · Ws Form Lite

Name of the Vulnerable Software and Affected Versions: WS Form LITE – Drag & Drop Contact Form Builder for WordPress versions up to, and including, 1.9.244 Description: The issue is related to Reflected Cross-Site Scripting due to the use of remove query arg without appropriate escaping on the UR...

WordPress WS Form LITE Plugin <= 1.9.244 is vulnerable to Cross Site Scripting (XSS)

Software WS Form LITE Type Plugin Vulnerable versions = 1.9.244 Fixed in 1.9.245 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10647 Patch priority Medium CVSS severity Medium 7.1 Developer WS Form PSID fff125dfb47d Credits Peter Thaleikis Required...

WordPress WS Form LITE Plugin <= 1.9.238 is vulnerable to Cross Site Scripting (XSS)

Software WS Form LITE Type Plugin Vulnerable versions = 1.9.238 Fixed in 1.9.244 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47320 Patch priority Medium CVSS severity Medium 7.1 Developer WS Form PSID cb1829e55bbc Credits savphill Required privilege...