CVE-2022-2395

The weForms WordPress plugin before 1.6.14 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

PT-2022-16360 · WordPress · Weforms

Name of the Vulnerable Software and Affected Versions: weForms WordPress plugin versions prior to 1.6.14 Description: The issue allows high privilege users, such as admins, to perform cross-Site Scripting attacks. This is possible because the plugin does not properly sanitise and escape its...

WordPress plugin weForms 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress weForms plugin <= 1.4.7 - CSV Injection vulnerability

CSV Injection vulnerability found by Mohamad Pishdar in WordPress weForms plugin versions = 1.4.7. Solution 2020-11-20 - we were unable to find information about the fix for this vulnerability...

CVE-2020-22276

WeForms Wordpress Plugin 1.4.7 allows CSV injection via a form's entry...

CVE-2020-22276

WeForms Wordpress Plugin 1.4.7 allows CSV injection via a form's entry...