← volver
CVE-2022-23988

WS Form < 1.8.176 - Unauthenticated Stored Cross-Site Scripting

EPSS 2.2%CWE-79
The WS Form LITE and Pro WordPress plugins before 1.8.176 do not sanitise and escape submitted form data, allowing unauthenticated attacker to submit XSS payloads which will get executed when a privileged user will view the related submission
Productos afectados
WS Form · WS Form LITE – Drag & Drop Contact Form Builder for WordPressWS Form · WS Form Pro

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://wpscan.com/vulnerability/9d5738f9-9a2e-4878-8a03-745894420bf6