Lucene search
K
WestguardsolutionsWs Form

6 matches found

CVE
CVE
added 2022/02/28 9:7 a.m.97 views

CVE-2022-23988

The CVE-2022-23988 affects WordPress WS Form LITE and WS Form Pro plugins up to version 1.8.176. The root cause is inadequate sanitisation/escaping of submitted form data, enabling unauthenticated attackers to submit XSS payloads that execute when a privileged user views the related submission. R...

6.1CVSS6AI score0.02196EPSS
CVE
CVE
added 2022/02/28 9:7 a.m.91 views

CVE-2022-23987

The CVE concerns WordPress WS Form LITE and Pro plugins (before 1.8.176). The root cause is failure to sanitize/escape the Form Name, enabling Cross-Site Scripting by high-privilege users even when unfiltered_html is disallowed. Impact details in the connected Red Hat advisory align with an admin...

4.8CVSS4.7AI score0.00588EPSS
CVE
CVE
added 2023/12/29 10:9 a.m.75 views

CVE-2023-52135

The CVE-2023-52135 vulnerability affects WS Form LITE – Drag & Drop Contact Form Builder for WordPress. It is an SQL Injection (Improper Neutralization of Special Elements used in an SQL Command) affecting WS Form LITE for WordPress versions up to 1.9.170. According to connected sources, exploita...

7.6CVSS7.8AI score0.00478EPSS
CVE
CVE
added 2024/06/07 9:33 a.m.65 views

CVE-2023-5424

The CVE-2023-5424 entry refers to WS Form LITE for WordPress being vulnerable to CSV Injection in versions up to 1.9.217. An unauthenticated attacker could embed untrusted input into exported CSV files, which is stated to lead to code execution when a vulnerable file is opened. The connected docu...

8.8CVSS6.9AI score0.00493EPSS
CVE
CVE
added 2025/01/28 6:38 a.m.57 views

CVE-2024-13509

CVE-2024-13509 affects the WS Form LITE (and WS Form Pro) WordPress plugin. It is an unauthenticated Stored Cross-Site Scripting flaw in the url parameter present in all versions up to 1.10.13. The issue arises from insufficient input sanitization and output escaping, allowing an attacker to inje...

7.2CVSS7.4AI score0.00346EPSS
CVE
CVE
added 2024/11/06 2:1 a.m.47 views

CVE-2024-10647

CVE-2024-10647 affects the WS Form LITE – Drag & Drop Contact Form Builder for WordPress plugin. It is a Reflected Cross-Site Scripting vulnerability caused by remove_query_arg not being properly escaped in the URL, affecting all versions up to and including 1.9.244. Exploitation is possible by a...

6.1CVSS6AI score0.00291EPSS