Weforms Security Vulnerabilities and Issues — Weforms CVE List

Lucene search

WeformsproWeforms

4 matches found

CVE•added 2024/03/12 10:15 p.m.•65 views

CVE-2024-0386

The weForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Referer' HTTP header in all versions up to, and including, 1.6.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...

7.2CVSS6.8AI score0.15758EPSS

CVE•added 2024/06/12 10:15 a.m.•58 views

CVE-2023-51524

Missing Authorization vulnerability in weForms.This issue affects weForms: from n/a through 1.6.18.

8.8CVSS5.7AI score0.00428EPSS

CVE•added 2024/06/09 11:15 a.m.•50 views

CVE-2024-30512

Missing Authorization vulnerability in weForms.This issue affects weForms: from n/a through 1.6.20.

9.1CVSS4.6AI score0.00471EPSS

CVE•added 2024/05/17 9:15 a.m.•43 views

CVE-2024-32512

Client-Side Enforcement of Server-Side Security vulnerability in weForms allows Removing Important Client Functionality.This issue affects weForms: from n/a through 1.6.20.

5.3CVSS6.8AI score0.0029EPSS