WordPress WS Form Pro plugin <= 1.9.217 - Unauthenticated CSV Injection vulnerability

Unauthenticated CSV Injection vulnerability discovered by Duc Manh in WordPress Plugin WS Form Pro versions = 1.9.217...

WordPress WS Form Pro Plugin <= 1.9.217 is vulnerable to CSV Injection

Software WS Form Pro Type Plugin Vulnerable versions = 1.9.217 Fixed in 1.9.218 OWASP Top 10 A1: Injection Classification CSV Injection CVE CVE-2023-5424 Patch priority Low CVSS severity Low 4.7 Developer Claim ownership PSID b17414acaf13 Credits Duc Manh Required privilege Unauthenticated...

CVE-2022-23987

The WS Form LITE and Pro WordPress plugins before 1.8.176 do not sanitise and escape their Form Name, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

WordPress WS Form Pro premium plugin <= 1.8.175 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability

Unauthenticated Stored Cross-Site Scripting XSS vulnerability discovered by Felipe Restrepo Rodriguez in WordPress WS Form Pro premium plugin versions = 1.8.175. Solution Update the WordPress WS Form Pro premium plugin to the latest available version at least 1.8.176...

WordPress WS Form Pro premium plugin <= 1.8.175 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Felipe Restrepo Rodriguez in WordPress WS Form Pro premium plugin versions = 1.8.175. Solution Update the WordPress WS Form Pro premium plugin to the latest available version at least 1.8.176...