Skip to main content

Ws Form

4 CVEs product

Monthly

CVE-2024-10647 MEDIUM PATCH This Month

The WS Form LITE - Drag & Drop Contact Form Builder for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Ws Form
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-5424 MEDIUM PATCH This Month

The WS Form LITE plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.9.217. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required.

RCE WordPress Ws Form
NVD
CVSS 3.1
4.7
EPSS
2.5%
CVE-2022-23988 MEDIUM POC This Month

The WS Form LITE and Pro WordPress plugins before 1.8.176 do not sanitise and escape submitted form data, allowing unauthenticated attacker to submit XSS payloads which will get executed when a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Ws Form
NVD WPScan
CVSS 3.1
6.1
EPSS
2.2%
CVE-2022-23987 MEDIUM POC This Month

The WS Form LITE and Pro WordPress plugins before 1.8.176 do not sanitise and escape their Form Name, which could allow high privilege users to perform Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Ws Form
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

The WS Form LITE - Drag & Drop Contact Form Builder for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Ws Form
NVD
EPSS 2% CVSS 4.7
MEDIUM PATCH This Month

The WS Form LITE plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.9.217. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required.

RCE WordPress Ws Form
NVD
EPSS 2% CVSS 6.1
MEDIUM POC This Month

The WS Form LITE and Pro WordPress plugins before 1.8.176 do not sanitise and escape submitted form data, allowing unauthenticated attacker to submit XSS payloads which will get executed when a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Ws Form
NVD WPScan
EPSS 1% CVSS 4.8
MEDIUM POC This Month

The WS Form LITE and Pro WordPress plugins before 1.8.176 do not sanitise and escape their Form Name, which could allow high privilege users to perform Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Ws Form
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy