2 matches found
CVE-2022-23988 WS Form < 1.8.176 - Unauthenticated Stored Cross-Site Scripting
The WS Form LITE and Pro WordPress plugins before 1.8.176 do not sanitise and escape submitted form data, allowing unauthenticated attacker to submit XSS payloads which will get executed when a privileged user will view the related submission...
CVE-2022-23988
The CVE-2022-23988 affects WordPress WS Form LITE and WS Form Pro plugins up to version 1.8.176. The root cause is inadequate sanitisation/escaping of submitted form data, enabling unauthenticated attackers to submit XSS payloads that execute when a privileged user views the related submission. R...