104 matches found

Cvelist
added 2023/12/29 11:9 a.m., 22 views

CVE-2023-50896 WordPress weForms Plugin <= 1.6.17 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in weForms weForms – Easy Drag & Drop Contact Form Builder For WordPress allows Stored XSS. This issue affects weForms – Easy Drag & Drop Contact Form Builder For WordPress: from n/a through 1.6.17...

CVSS: 5.9 | AI score: 5.9 | EPSS: 0.00122
Exploits: 0 | References: 1

CVE
added 2023/12/29 11:9 a.m., 68 views

CVE-2023-50896

CVE-2023-50896 is a stored XSS in the WordPress plugin weForms (up to 1.6.17). The vulnerability requires authenticated access (Admin+), and exists in the weForms plugin as described in the CVE entry and corroborated by Red Hat’s advisory. The Wordfence Threat Intelligence entry for this CVE conf...

CVSS: 5.9 | AI score: 6.5 | EPSS: 0.00122
Exploits: 0 | References: 1 | Affected Software: 1

Positive Technologies
added 2023/12/29 12:0 a.m., 3 views

PT-2023-31708 · WordPress · Weforms

Name of the Vulnerable Software and Affected Versions: weForms – Easy Drag & Drop Contact Form Builder For WordPress versions 1.6.17 and earlier. Description: The issue affects weForms – Easy Drag & Drop Contact Form Builder For WordPress, allowing Stored XSS due to improper neutralization of inpu...

CVSS: 5.9 | AI score: 5.7 | EPSS: 0.00122
Exploits: 0 | References: 7

CNNVD
added 2023/12/29 12:0 a.m., 2 views

WordPress Plugin weForms Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...

CVSS: 5.9 | AI score: 6 | EPSS: 0.00122
Exploits: 0 | References: 2

Patchstack
added 2023/12/27 12:0 a.m., 8 views

WordPress weForms Plugin <= 1.6.18 is vulnerable to Broken Access Control

Software: weForms; Type: Plugin; Vulnerable versions: <= 1.6.18; Fixed in: 1.6.19; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-51524; Patch priority: Low; CVSS severity: Low (4.3); PSID: e12fa215be85; Credits: emad; Required privilege: Subscriber...

CVSS: 8.8 | AI score: 6.6 | EPSS: 0.00581
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2023/12/26 12:0 a.m., 8 views

WordPress weForms Plugin <= 1.6.17 is vulnerable to Cross Site Scripting (XSS)

Software: weForms; Type: Plugin; Vulnerable versions: <= 1.6.17; Fixed in: 1.6.18; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-50896; Patch priority: Low; CVSS severity: Low (5.9); PSID: 17a0a696ff2c; Credits: emad; Required privilege: Administrator...

CVSS: 5.9 | AI score: 6.6 | EPSS: 0.00122
Exploits: 0 | References: 2 | Affected Software: 1

ATTACKERKB
added 2022/08/08 2:15 p.m., 1 views

CVE-2022-2395

The weForms WordPress plugin before 1.6.14 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...

CVSS: 4.8 | AI score: 5.9 | EPSS: 0.00218
Exploits: 2 | References: 2

OSV
added 2022/08/08 2:15 p.m., 0 views

CVE-2022-2395

The weForms WordPress plugin before 1.6.14 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...

CVSS: 4.8 | AI score: 5.8 | EPSS: 0.00218
Exploits: 2 | References: 1

NVD
added 2022/08/08 2:15 p.m., 24 views

CVE-2022-2395

The weForms WordPress plugin before 1.6.14 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...

CVSS: 4.8 | EPSS: 0.00218
Exploits: 2 | References: 1

Prion
added 2022/08/08 2:15 p.m., 16 views

Cross site scripting

The weForms WordPress plugin before 1.6.14 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...

CVSS: 4.3 | AI score: 4.8 | EPSS: 0.00218
Exploits: 2 | References: 1 | Affected Software: 1

CVE
added 2022/08/08 1:48 p.m., 58 views

CVE-2022-2395

The CVE-2022-2395 entry concerns the WordPress weForms plugin (versions prior to 1.6.14). Affected component: plugin settings sanitisation/escaping; root cause: settings are not sanitized or escaped, enabling stored Cross-Site Scripting by high-privilege users (e.g., admins) even when unfiltered_...

CVSS: 4.8 | AI score: 4.8 | EPSS: 0.00218
Exploits: 2 | References: 1 | Affected Software: 1

Cvelist
added 2022/08/08 1:48 p.m., 15 views

CVE-2022-2395 weForms < 1.6.14 - Admin+ Stored Cross-Site Scripting

The weForms WordPress plugin before 1.6.14 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...

AI score: 5.1 | EPSS: 0.00218
Exploits: 2 | References: 1

CNNVD
added 2022/08/08 12:0 a.m., 2 views

WordPress plugin weForms Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

CVSS: 4.8 | AI score: 5.1 | EPSS: 0.00218
Exploits: 2 | References: 2

Positive Technologies
added 2022/08/08 12:0 a.m., 2 views

PT-2022-16360 · WordPress · Weforms

Name of the Vulnerable Software and Affected Versions: weForms WordPress plugin versions prior to 1.6.14. Description: The issue allows high privilege users, such as admins, to perform cross-Site Scripting attacks. This is possible because the plugin does not properly sanitise and escape its...

CVSS: 4.8 | AI score: 4.7 | EPSS: 0.00218
Exploits: 2 | References: 4

WPVulnDB
added 2022/07/12 12:0 a.m., 31 views

weForms < 1.6.14 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. PoC: On the dashboard navigate to weForms All Forms Add Form Choose Contact Form; Click Create Form...

CVSS: 4.8 | AI score: 0.7 | EPSS: 0.00218
Exploits: 2 | Affected Software: 1

Patchstack
added 2022/07/12 12:0 a.m., 37 views

WordPress weForms plugin <= 1.6.13 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Tri Wanda Septian in WordPress weForms plugin (versions <= 1.6.13). Solution: Update the WordPress weForms plugin to the latest available version (at least 1.6.14)...

CVSS: 4.8 | AI score: 2.6 | EPSS: 0.00218
Exploits: 2 | References: 1 | Affected Software: 1

wpexploit
added 2022/07/12 12:0 a.m., 210 views

weForms < 1.6.14 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. On the dashboard navigate to weForms All Forms Add Form Choose Contact Form; Click Create Form Settings...

CVSS: 4.8 | AI score: 0.6 | EPSS: 0.00218
Exploits: 2

Patchstack
added 2020/11/20 12:0 a.m., 14 views

WordPress weForms plugin <= 1.4.7 - CSV Injection vulnerability

CSV Injection vulnerability found by Mohamad Pishdar in WordPress weForms plugin (versions <= 1.4.7). Solution: 2020-11-20 - we were unable to find information about the fix for this vulnerability...

CVSS: 9.8 | AI score: 2.9 | EPSS: 0.01209
Exploits: 1 | References: 2 | Affected Software: 1

WPVulnDB
added 2020/11/20 12:0 a.m., 19 views

weForms < 1.6.4 - CSV Injection

The plugin allows CSV injection via a form's entry...

CVSS: 7.5 | AI score: 4.2 | EPSS: 0.01209
Exploits: 1 | References: 2 | Affected Software: 1

NVD
added 2020/11/04 5:15 p.m., 11 views

CVE-2020-22276

WeForms WordPress Plugin 1.4.7 allows CSV injection via a form's entry...

CVSS: 9.8 | AI score: 9.6 | EPSS: 0.01209
Exploits: 1 | References: 3