VYPR
Unrated severityNVD Advisory· Published Feb 28, 2022· Updated Aug 3, 2024

WS Form < 1.8.176 - Unauthenticated Stored Cross-Site Scripting

CVE-2022-23988

Description

The WS Form LITE and Pro WordPress plugins before 1.8.176 do not sanitise and escape submitted form data, allowing unauthenticated attacker to submit XSS payloads which will get executed when a privileged user will view the related submission

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • Range: <1.8.176
  • WS Form/WS Form LITE – Drag & Drop Contact Form Builder for WordPressv5
    Range: 1.8.176
  • WS Form/WS Form Prov5
    Range: 1.8.176

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.