6 matches found
CVE-2022-23988
The CVE-2022-23988 affects WordPress WS Form LITE and WS Form Pro plugins up to version 1.8.176. The root cause is inadequate sanitisation/escaping of submitted form data, enabling unauthenticated attackers to submit XSS payloads that execute when a privileged user views the related submission. R...
CVE-2022-23987
The CVE concerns WordPress WS Form LITE and Pro plugins (before 1.8.176). The root cause is failure to sanitize/escape the Form Name, enabling Cross-Site Scripting by high-privilege users even when unfiltered_html is disallowed. Impact details in the connected Red Hat advisory align with an admin...
CVE-2023-52135
The CVE-2023-52135 vulnerability affects WS Form LITE – Drag & Drop Contact Form Builder for WordPress. It is an SQL Injection (Improper Neutralization of Special Elements used in an SQL Command) affecting WS Form LITE for WordPress versions up to 1.9.170. According to connected sources, exploita...
CVE-2023-5424
The CVE-2023-5424 entry refers to WS Form LITE for WordPress being vulnerable to CSV Injection in versions up to 1.9.217. An unauthenticated attacker could embed untrusted input into exported CSV files, which is stated to lead to code execution when a vulnerable file is opened. The connected docu...
CVE-2024-13509
CVE-2024-13509 affects the WS Form LITE (and WS Form Pro) WordPress plugin. It is an unauthenticated Stored Cross-Site Scripting flaw in the url parameter present in all versions up to 1.10.13. The issue arises from insufficient input sanitization and output escaping, allowing an attacker to inje...
CVE-2024-10647
CVE-2024-10647 affects the WS Form LITE – Drag & Drop Contact Form Builder for WordPress plugin. It is a Reflected Cross-Site Scripting vulnerability caused by remove_query_arg not being properly escaped in the URL, affecting all versions up to and including 1.9.244. Exploitation is possible by a...