Unrated severityNVD Advisory· Published Jan 13, 2026· Updated Mar 5, 2026

WPForms 1.7.8 - Cross-Site Scripting (XSS)

CVE-2020-36919

Description

WPForms 1.7.8 contains a cross-site scripting vulnerability in the slider import search feature and tab parameter. Attackers can inject malicious scripts through the ListTable.php endpoint to execute arbitrary JavaScript in victim's browser.

Affected products

WordPress/Wpformsinferred
Range: = 1.7.8
Package: https://wordpress.org/plugins/wpforms
Wpforms/Wpformsllm-fuzzy
Range: = 1.7.8

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/51152mitreexploit
www.vulncheck.com/advisories/wpforms-cross-site-scripting-xssmitrethird-party-advisory
wordpress.org/plugins/wpforms-litemitreproduct

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000