104 matches found
PT-2024-24630 · Weforms · Weforms
Name of the Vulnerable Software and Affected Versions: weForms versions 1.6.20 and earlier Description: The issue is related to a Client-Side Enforcement of Server-Side Security vulnerability in weForms, which allows the removal of important client functionality. Recommendations: For weForms...
WordPress plugin weForms security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
WordPress weForms plugin <= 1.6.20 - Form Submission Restriction Bypass vulnerability
Form Submission Restriction Bypass vulnerability discovered by Kyle Sanchez (Patchstack Alliance) in WordPress Plugin weForms versions <= 1.6.20...
WordPress weForms Plugin <= 1.6.20 is vulnerable to Bypass Vulnerability
Software: weForms; Type: Plugin; Vulnerable versions: <= 1.6.20; Fixed in: 1.6.21; OWASP Top 10: A5: Security Misconfiguration; Classification: Bypass Vulnerability; CVE: CVE-2024-32512; Patch priority: Low; CVSS severity: Low (5.3); PSID: afd56fb1f506; Credits: Kyle Sanchez; Required privilege...
weForms < 1.6.21 - Missing Authorization
Description The weForms plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the handlefrontendsubmission function in versions up to, and including, 1.6.20. This makes it possible for unauthenticated attackers to submit forms that are not open...
WordPress weForms Plugin <= 1.6.20 is vulnerable to Broken Access Control
Software: weForms; Type: Plugin; Vulnerable versions: <= 1.6.20; Fixed in: 1.6.21; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-30512; Patch priority: Low; CVSS severity: Low (3.7); PSID: e2254499c0ef; Credits: Kyle Sanchez; Required privilege...
CVE-2024-0386
The weForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Referer' HTTP header in all versions up to, and including, 1.6.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts...
Cross site scripting
The weForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Referer' HTTP header in all versions up to, and including, 1.6.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts...
CVE-2024-0386
CVE-2024-0386: The weForms plugin for WordPress is vulnerable to a stored XSS via the Referer header in all versions up to 1.6.21, caused by insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary scripts that will execute in pages viewed by...
PT-2024-15520 · WordPress · Weforms
Name of the Vulnerable Software and Affected Versions: weForms plugin for WordPress versions up to, and including, 1.6.21 Description: The issue is related to Stored Cross-Site Scripting via the 'Referer' HTTP header due to insufficient input sanitization and output escaping. This allows...
weForms < 1.6.22 - Unauthenticated Stored Cross-Site Scripting via Referer
Description The weForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Referer' HTTP header in all versions up to, and including, 1.6.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...
WordPress weForms Plugin <= 1.6.21 is vulnerable to Cross Site Scripting (XSS)
Software: weForms; Type: Plugin; Vulnerable versions: <= 1.6.21; Fixed in: 1.6.22; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-0386; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: db1e50c55827; Credits: drop; Required privilege...
WordPress Plugin weForms Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...
weForms < 1.6.19 - Missing Authorization via export_form_entries
Description The weForms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'export_form_entries' function in versions up to, and including, 1.6.18. This makes it possible for authenticated attackers, with subscriber-level access and above, to...
weForms – Easy Drag & Drop Contact Form Builder For WordPress < 1.6.18 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The weForms – Easy Drag & Drop Contact Form Builder For WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to 1.6.18 exclusive due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2023-50896
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in weForms weForms – Easy Drag & Drop Contact Form Builder For WordPress allows Stored XSS. This issue affects weForms – Easy Drag & Drop Contact Form Builder For WordPress: from n/a through 1.6.17...
Cross site scripting
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in weForms weForms – Easy Drag & Drop Contact Form Builder For WordPress allows Stored XSS. This issue affects weForms – Easy Drag & Drop Contact Form Builder For WordPress: from n/a through 1.6.17...