CVE-2023-51524
- EPSS 0.58%
- Veröffentlicht 12.06.2024 10:15:28
- Zuletzt bearbeitet 21.11.2024 08:38:18
Missing Authorization vulnerability in weForms.This issue affects weForms: from n/a through 1.6.18.
CVE-2024-30512
- EPSS 0.64%
- Veröffentlicht 09.06.2024 11:15:51
- Zuletzt bearbeitet 21.11.2024 09:12:04
Missing Authorization vulnerability in weForms.This issue affects weForms: from n/a through 1.6.20.
CVE-2024-32512
- EPSS 0.29%
- Veröffentlicht 17.05.2024 09:15:37
- Zuletzt bearbeitet 21.11.2024 09:15:04
Client-Side Enforcement of Server-Side Security vulnerability in weForms allows Removing Important Client Functionality.This issue affects weForms: from n/a through 1.6.20.
CVE-2024-0386
- EPSS 15.76%
- Veröffentlicht 12.03.2024 22:15:07
- Zuletzt bearbeitet 15.01.2025 16:38:37
The weForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Referer' HTTP header in all versions up to, and including, 1.6.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenti...
CVE-2023-50896
- EPSS 0.12%
- Veröffentlicht 29.12.2023 11:15:08
- Zuletzt bearbeitet 21.11.2024 08:37:29
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weForms weForms – Easy Drag & Drop Contact Form Builder For WordPress allows Stored XSS.This issue affects weForms – Easy Drag & Drop Contact Form B...
CVE-2022-2395
- EPSS 0.21%
- Veröffentlicht 08.08.2022 14:15:09
- Zuletzt bearbeitet 21.11.2024 07:00:54
The weForms WordPress plugin before 1.6.14 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
CVE-2020-22276
- EPSS 1.21%
- Veröffentlicht 04.11.2020 17:15:12
- Zuletzt bearbeitet 21.11.2024 05:13:13
WeForms Wordpress Plugin 1.4.7 allows CSV injection via a form's entry.