4 matches found
CVE-2024-0386
CVE-2024-0386: The weForms plugin for WordPress is vulnerable to a stored XSS via the Referer header in all versions up to 1.6.21, caused by insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary scripts that will execute in pages viewed by...
CVE-2023-51524
CVE-2023-51524 concerns the WordPress plugin weForms. The connected data confirms a Missing Authorization vulnerability in weForms versions up to and including 1.6.18, specifically related to an unauthorized export of form entries via the export_form_entries action. The issue is categorized with ...
CVE-2022-2395
The CVE-2022-2395 entry concerns the WordPress weForms plugin (versions prior to 1.6.14). Affected component: plugin settings sanitisation/escaping; root cause: settings are not sanitized or escaped, enabling stored Cross-Site Scripting by high-privilege users (e.g., admins) even when unfiltered_...
CVE-2024-30512
CVE-2024-30512 is a Missing Authorization (Broken Access Control) vulnerability in the WordPress plugin weForms, affecting versions up to 1.6.20. The NVD entry rates the impact as Critical (CVSS v3.1 base score 9.1) with network access and no user interaction required; confidentiality and integri...