47 matches found
EUVD-2023-57739
Malicious code in bioql PyPI...
EUVD-2024-42356
Malicious code in bioql PyPI...
EUVD-2023-56809
Malicious code in bioql PyPI...
CVE-2024-10647
The WS Form LITE – Drag & Drop Contact Form Builder for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of removequeryarg without appropriate escaping on the URL in all versions up to, and including, 1.9.244. This makes it possible for unauthenticated...
CVE-2025-3912
The WS Form LITE – Drag & Drop Contact Form Builder for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getconfig' function in all versions up to, and including, 1.10.35. This makes it possible for unauthenticated attackers to...
WordPress WS Form LITE plugin <= 1.10.35 - Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability
Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability discovered by Amin Beheshti in WordPress Plugin WS Form LITE versions = 1.10.35...
CVE-2025-3912
The WS Form LITE – Drag & Drop Contact Form Builder for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getconfig' function in all versions up to, and including, 1.10.35. This makes it possible for unauthenticated attackers to...
CVE-2025-3912 WS Form LITE – Drag & Drop Contact Form Builder for WordPress <= 1.10.35 - Missing Authorization to Unauthenticated Sensitive Information Exposure
The WS Form LITE – Drag & Drop Contact Form Builder for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getconfig' function in all versions up to, and including, 1.10.35. This makes it possible for unauthenticated attackers to...
CVE-2025-3912 WS Form LITE – Drag & Drop Contact Form Builder for WordPress <= 1.10.35 - Missing Authorization to Unauthenticated Sensitive Information Exposure
The WS Form LITE – Drag & Drop Contact Form Builder for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getconfig' function in all versions up to, and including, 1.10.35. This makes it possible for unauthenticated attackers to...
PT-2025-17901 · WordPress · Ws Form Lite
Name of the Vulnerable Software and Affected Versions: WS Form LITE – Drag & Drop Contact Form Builder for WordPress versions prior to 1.10.36 Description: The issue allows unauthorized access to data due to a missing capability check on the get config function. This makes it possible for...
CVE-2024-47320
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mark Westguard WS Form LITE ws-form allows Stored XSS.This issue affects WS Form LITE: from n/a through = 1.9.238...
CVE-2024-13509
The WS Form LITE and PRO plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the url parameter in all versions up to, and including, 1.10.13 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
WordPress WS Form LITE plugin <= 1.10.13 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Tim Coen in WordPress Plugin WS Form LITE versions = 1.10.13...
CVE-2024-13509
The WS Form LITE and PRO plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the url parameter in all versions up to, and including, 1.10.13 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2024-13509
The WS Form LITE – Drag & Drop Contact Form Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the url parameter in all versions up to, and including, 1.10.13 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2024-13509 WS Form LITE and PRO <= 1.10.13 - Unauthenticated Stored Cross-Site Scripting
The WS Form LITE and PRO plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the url parameter in all versions up to, and including, 1.10.13 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2024-13509 WS Form LITE and PRO <= 1.10.13 - Unauthenticated Stored Cross-Site Scripting
The WS Form LITE and PRO plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the url parameter in all versions up to, and including, 1.10.13 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2024-13509
CVE-2024-13509 affects the WS Form LITE (and WS Form Pro) WordPress plugin. It is an unauthenticated Stored Cross-Site Scripting flaw in the url parameter present in all versions up to 1.10.13. The issue arises from insufficient input sanitization and output escaping, allowing an attacker to inje...
WordPress plugin WS Form LITE 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...
CVE-2024-10647
The WS Form LITE – Drag & Drop Contact Form Builder for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of removequeryarg without appropriate escaping on the URL in all versions up to, and including, 1.9.244. This makes it possible for unauthenticated...