3 matches found
CVE-2024-10647 WS Form LITE – Drag & Drop Contact Form Builder for WordPress <= 1.9.244 - Reflected Cross-Site Scripting via URL
The WS Form LITE – Drag & Drop Contact Form Builder for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of removequeryarg without appropriate escaping on the URL in all versions up to, and including, 1.9.244. This makes it possible for unauthenticated...
CVE-2024-10647
CVE-2024-10647 affects the WS Form LITE – Drag & Drop Contact Form Builder for WordPress plugin. It is a Reflected Cross-Site Scripting vulnerability caused by remove_query_arg not being properly escaped in the URL, affecting all versions up to and including 1.9.244. Exploitation is possible by a...
WordPress WS Form LITE Plugin <= 1.9.244 is vulnerable to Cross Site Scripting (XSS)
Software WS Form LITE Type Plugin Vulnerable versions = 1.9.244 Fixed in 1.9.245 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10647 Patch priority Medium CVSS severity Medium 7.1 Developer WS Form PSID fff125dfb47d Credits Peter Thaleikis Required...