Weformspro Weforms
6 CVEs affecting Weformspro Weforms. Latest disclosed: 2024-06-12. Critical: 1, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2020-22276 | Critical | 9.8 | 2020-11-04 | WeForms Wordpress Plugin 1.4.7 allows CSV injection via a form's entry. |
CVE-2024-0386 | High | 7.2 | 2024-03-12 | The weForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Referer' HTTP header in all versions up to, and including, 1.6.21 due to… |
CVE-2023-50896 | Medium | 5.9 | 2023-12-29 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weForms weForms – Easy Drag & Drop Contact Form Builder F… |
CVE-2022-2395 | Medium | 4.8 | 2022-08-08 | The weForms WordPress plugin before 1.6.14 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripti… |
CVE-2023-51524 | Medium | 4.3 | 2024-06-12 | Missing Authorization vulnerability in weForms.This issue affects weForms: from n/a through 1.6.18. |
CVE-2024-30512 | Low | 3.7 | 2024-06-09 | Missing Authorization vulnerability in weForms.This issue affects weForms: from n/a through 1.6.20. |