Weforms Security Vulnerabilities and Issues — Weforms CVE List

Lucene search

WeformsproWeforms

7 matches found

CVE•added 2024/03/12 10:15 p.m.•65 views

CVE-2024-0386

The weForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Referer' HTTP header in all versions up to, and including, 1.6.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...

7.2CVSS6.8AI score0.15758EPSS

CVE•added 2023/12/29 11:15 a.m.•63 views

CVE-2023-50896

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weForms weForms – Easy Drag & Drop Contact Form Builder For WordPress allows Stored XSS.This issue affects weForms – Easy Drag & Drop Contact Form Builder For WordPress: from n/a through 1.6.17.

5.9CVSS5.6AI score0.00122EPSS

CVE•added 2024/06/12 10:15 a.m.•58 views

CVE-2023-51524

Missing Authorization vulnerability in weForms.This issue affects weForms: from n/a through 1.6.18.

8.8CVSS5.7AI score0.00428EPSS

CVE•added 2022/08/08 2:15 p.m.•54 views

CVE-2022-2395

The weForms WordPress plugin before 1.6.14 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

4.8CVSS4.8AI score0.00113EPSS

CVE•added 2024/06/09 11:15 a.m.•50 views

CVE-2024-30512

Missing Authorization vulnerability in weForms.This issue affects weForms: from n/a through 1.6.20.

9.1CVSS4.6AI score0.00471EPSS

CVE•added 2024/05/17 9:15 a.m.•43 views

CVE-2024-32512

Client-Side Enforcement of Server-Side Security vulnerability in weForms allows Removing Important Client Functionality.This issue affects weForms: from n/a through 1.6.20.

5.3CVSS6.8AI score0.0029EPSS

CVE•added 2020/11/04 5:15 p.m.•28 views

CVE-2020-22276

WeForms Wordpress Plugin 1.4.7 allows CSV injection via a form's entry.

9.8CVSS9.5AI score0.01209EPSS