Weformspro Weforms

6 CVEs affecting Weformspro Weforms. Latest disclosed: 2024-06-12. Critical: 1, High: 1.

Top CVEs affecting Weformspro Weforms
CVESeverityScorePublishedSummary
CVE-2020-22276Critical9.82020-11-04WeForms Wordpress Plugin 1.4.7 allows CSV injection via a form's entry.
CVE-2024-0386High7.22024-03-12The weForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Referer' HTTP header in all versions up to, and including, 1.6.21 due to…
CVE-2023-50896Medium5.92023-12-29Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weForms weForms – Easy Drag & Drop Contact Form Builder F…
CVE-2022-2395Medium4.82022-08-08The weForms WordPress plugin before 1.6.14 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripti…
CVE-2023-51524Medium4.32024-06-12Missing Authorization vulnerability in weForms.This issue affects weForms: from n/a through 1.6.18.
CVE-2024-30512Low3.72024-06-09Missing Authorization vulnerability in weForms.This issue affects weForms: from n/a through 1.6.20.