Weformspro Weforms

6 matches found

CVE
added 2024/03/12 9:34 p.m., 71 views

CVE-2024-0386

CVE-2024-0386: The weForms plugin for WordPress is vulnerable to a stored XSS via the Referer header in all versions up to 1.6.21, caused by insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary scripts that will execute in pages viewed by...

CVSS 7.2, AI score 6.8, EPSS 0.12642

CVE
added 2023/12/29 11:9 a.m., 68 views

CVE-2023-50896

CVE-2023-50896 is a stored XSS in the WordPress plugin weForms (up to 1.6.17). The vulnerability requires authenticated access (Admin+), and exists in the weForms plugin as described in the CVE entry and corroborated by Red Hat’s advisory. The Wordfence Threat Intelligence entry for this CVE conf...

CVSS 5.9, AI score 6.5, EPSS 0.00122

CVE
added 2024/06/12 9:9 a.m., 64 views

CVE-2023-51524

CVE-2023-51524 concerns the WordPress plugin weForms. The connected data confirms a Missing Authorization vulnerability in weForms versions up to and including 1.6.18, specifically related to an unauthorized export of form entries via the export_form_entries action. The issue is categorized with ...

CVSS 8.8, AI score 5.7, EPSS 0.00581

CVE
added 2022/08/08 1:48 p.m., 58 views

CVE-2022-2395

The CVE-2022-2395 entry concerns the WordPress weForms plugin (versions prior to 1.6.14). Affected component: plugin settings sanitisation/escaping; root cause: settings are not sanitized or escaped, enabling stored Cross-Site Scripting by high-privilege users (e.g., admins) even when unfiltered_...

CVSS 4.8, AI score 4.8, EPSS 0.00218

CVE
added 2024/06/09 10:59 a.m., 57 views

CVE-2024-30512

CVE-2024-30512 is a Missing Authorization (Broken Access Control) vulnerability in the WordPress plugin weForms, affecting versions up to 1.6.20. The NVD entry rates the impact as Critical (CVSS v3.1 base score 9.1) with network access and no user interaction required; confidentiality and integri...

CVSS 9.1, AI score 4.6, EPSS 0.00639

CVE
added 2020/11/04 4:54 p.m., 31 views

CVE-2020-22276

CVE-2020-22276 affects the WeForms WordPress plugin, version 1.4.7, which is vulnerable to CSV injection via a form entry. The CVSS data in the record shows a high severity (CVSS v3.1 base score 9.8, CRITICAL) with network attack vector, no authentication, and no user interaction required, im...

CVSS 9.8, AI score 9.5, EPSS 0.01209