Unrated severityNVD Advisory· Published Feb 28, 2022· Updated Aug 3, 2024
WS Form < 1.8.176 - Unauthenticated Stored Cross-Site Scripting
CVE-2022-23988
Description
The WS Form LITE and Pro WordPress plugins before 1.8.176 do not sanitise and escape submitted form data, allowing unauthenticated attacker to submit XSS payloads which will get executed when a privileged user will view the related submission
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Range: <1.8.176
- WS Form/WS Form LITE – Drag & Drop Contact Form Builder for WordPressv5Range: 1.8.176
- WS Form/WS Form Prov5Range: 1.8.176
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/9d5738f9-9a2e-4878-8a03-745894420bf6mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.