VYPR

WS Form LITE

by WS Form

Source repositories

CVEs (4)

  • CVE-2024-13509HigJan 28, 2025
    risk 0.40cvss 7.2epss 0.00

    The WS Form LITE and PRO plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the url parameter in all versions up to, and including, 1.10.13 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to…

  • CVE-2023-5424MedJun 7, 2024
    risk 0.31cvss 4.7epss 0.00

    The WS Form LITE plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.9.217. This allows unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened…

  • CVE-2025-3912MedApr 25, 2025
    risk 0.27cvss 5.3epss 0.00

    The WS Form LITE – Drag & Drop Contact Form Builder for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_config' function in all versions up to, and including, 1.10.35. This makes it possible for…

  • CVE-2024-10647Nov 6, 2024
    risk 0.00cvss epss 0.00

    The WS Form LITE – Drag & Drop Contact Form Builder for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.9.244. This makes it…