CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47320 – WordPress WS Form LITE plugin <= 1.9.238 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-47320
25 Sep 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WS Form WS Form LITE allows Stored XSS.This issue affects WS Form LITE: from n/a through 1.9.238. The WS Form LITE – Drag & Drop Contact Form Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.9.238 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbi... • https://patchstack.com/database/vulnerability/ws-form/wordpress-ws-form-lite-plugin-1-9-238-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-5424 – WS Form LITE <= 1.9.217 - Unauthenticated CSV Injection
https://notcve.org/view.php?id=CVE-2023-5424
06 Jun 2024 — The WS Form LITE plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.9.217. This allows unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration. El complemento WS Form LITE para WordPress es vulnerable a la inyección CSV en versiones hasta la 1.9.217 incluida. Esto permite a atacantes no autenticados incrustar entradas que no ... • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3098265%40ws-form&new=3098265%40ws-form&sfp_email=&sfph_mail= • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-52135 – WordPress WS Form LITE Plugin <= 1.9.170 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2023-52135
28 Dec 2023 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WS Form WS Form LITE – Drag & Drop Contact Form Builder for WordPress.This issue affects WS Form LITE – Drag & Drop Contact Form Builder for WordPress: from n/a through 1.9.170. Neutralización incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('Inyección SQL') en WS Form WS Form LITE – Drag & Drop Contact Form Builder for WordPress. Este problema afecta a WS Form LITE – ... • https://patchstack.com/database/vulnerability/ws-form/wordpress-ws-form-lite-drag-drop-contact-form-builder-for-wordpress-plugin-1-9-170-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 2CVE-2022-23988 – WS Form < 1.8.176 - Unauthenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-23988
31 Jan 2022 — The WS Form LITE and Pro WordPress plugins before 1.8.176 do not sanitise and escape submitted form data, allowing unauthenticated attacker to submit XSS payloads which will get executed when a privileged user will view the related submission Los plugins WS Form LITE y Pro WordPress versiones anteriores a 1.8.176, no sanean ni escapan de los datos del formulario enviado, permitiendo a un atacante no autenticado enviar cargas útiles de tipo XSS que serán ejecutadas cuando un usuario con privilegios visualice... • https://github.com/simonepetruzzi/WebSecurityProject • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-23987 – WS Form < 1.8.176 - Admin+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-23987
31 Jan 2022 — The WS Form LITE and Pro WordPress plugins before 1.8.176 do not sanitise and escape their Form Name, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Los plugins WS Form LITE y Pro de WordPress versiones anteriores a 1.8.176, no sanean ni escapan el nombre de sus formularios, lo que podría permitir a usuarios con altos privilegios llevar a cabo ataques de tipo Cross-Site Scripting incluso cuando la capacidad unfiltered_ht... • https://wpscan.com/vulnerability/1697351b-c201-4e85-891e-94fdccbdfb55 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •