Search criteria
6 vulnerabilities by weformspro
CVE-2023-51524 (GCVE-0-2023-51524)
Vulnerability from cvelistv5 – Published: 2024-06-12 09:09 – Updated: 2024-08-02 22:40
VLAI?
Title
WordPress weForms plugin <= 1.6.18 - Broken Access Control vulnerability
Summary
Missing Authorization vulnerability in weForms.This issue affects weForms: from n/a through 1.6.18.
Severity ?
4.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | |
|---|---|---|
Credits
emad (Patchstack Alliance)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:weformspro:weforms:*:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unknown",
"product": "weforms",
"vendor": "weformspro",
"versions": [
{
"lessThanOrEqual": "1.6.18",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-51524",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T12:47:06.079217Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T12:48:19.981Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:40:32.381Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/weforms/wordpress-weforms-plugin-1-6-18-broken-access-control-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "weforms",
"product": "weForms",
"vendor": "weForms",
"versions": [
{
"changes": [
{
"at": "1.6.19",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.6.18",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "emad (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in weForms.\u003cp\u003eThis issue affects weForms: from n/a through 1.6.18.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in weForms.This issue affects weForms: from n/a through 1.6.18."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T09:09:59.874Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/weforms/wordpress-weforms-plugin-1-6-18-broken-access-control-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 1.6.19 or a higher version."
}
],
"value": "Update to 1.6.19 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress weForms plugin \u003c= 1.6.18 - Broken Access Control vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-51524",
"datePublished": "2024-06-12T09:09:59.874Z",
"dateReserved": "2023-12-20T17:28:07.137Z",
"dateUpdated": "2024-08-02T22:40:32.381Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-30512 (GCVE-0-2024-30512)
Vulnerability from cvelistv5 – Published: 2024-06-09 10:59 – Updated: 2024-08-02 01:38
VLAI?
Title
WordPress weForms plugin <= 1.6.20 - Broken Access Control vulnerability
Summary
Missing Authorization vulnerability in weForms.This issue affects weForms: from n/a through 1.6.20.
Severity ?
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | |
|---|---|---|
Credits
Kyle Sanchez (Patchstack Alliance)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-30512",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-10T11:02:07.901750Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T11:02:15.558Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:38:59.985Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/weforms/wordpress-weforms-plugin-1-6-20-broken-access-control-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "weforms",
"product": "weForms",
"vendor": "weForms",
"versions": [
{
"changes": [
{
"at": "1.6.21",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.6.20",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Kyle Sanchez (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in weForms.\u003cp\u003eThis issue affects weForms: from n/a through 1.6.20.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in weForms.This issue affects weForms: from n/a through 1.6.20."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-09T10:59:42.461Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/weforms/wordpress-weforms-plugin-1-6-20-broken-access-control-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 1.6.21 or a higher version."
}
],
"value": "Update to 1.6.21 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress weForms plugin \u003c= 1.6.20 - Broken Access Control vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-30512",
"datePublished": "2024-06-09T10:59:42.461Z",
"dateReserved": "2024-03-27T12:26:51.740Z",
"dateUpdated": "2024-08-02T01:38:59.985Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0386 (GCVE-0-2024-0386)
Vulnerability from cvelistv5 – Published: 2024-03-12 21:34 – Updated: 2024-08-01 18:04
VLAI?
Summary
The weForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Referer' HTTP header in all versions up to, and including, 1.6.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity ?
7.2 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| boldgrid | weForms – Easy Drag & Drop Contact Form Builder For WordPress |
Affected:
* , ≤ 1.6.21
(semver)
|
Credits
Pedro Paniago
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0386",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-13T13:08:22.365841Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:58:30.095Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:04:49.553Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f436ab65-a59c-4b2a-abc8-a7fc038678dd?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3047406%40weforms\u0026new=3047406%40weforms\u0026sfp_email=\u0026sfph_mail="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "weForms \u2013 Easy Drag \u0026 Drop Contact Form Builder For WordPress",
"vendor": "boldgrid",
"versions": [
{
"lessThanOrEqual": "1.6.21",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Pedro Paniago"
}
],
"descriptions": [
{
"lang": "en",
"value": "The weForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u0027Referer\u0027 HTTP header in all versions up to, and including, 1.6.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-12T21:34:34.174Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f436ab65-a59c-4b2a-abc8-a7fc038678dd?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3047406%40weforms\u0026new=3047406%40weforms\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-12T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-0386",
"datePublished": "2024-03-12T21:34:34.174Z",
"dateReserved": "2024-01-09T23:51:33.487Z",
"dateUpdated": "2024-08-01T18:04:49.553Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-50896 (GCVE-0-2023-50896)
Vulnerability from cvelistv5 – Published: 2023-12-29 11:09 – Updated: 2024-08-02 22:23
VLAI?
Title
WordPress weForms Plugin <= 1.6.17 is vulnerable to Cross Site Scripting (XSS)
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weForms weForms – Easy Drag & Drop Contact Form Builder For WordPress allows Stored XSS.This issue affects weForms – Easy Drag & Drop Contact Form Builder For WordPress: from n/a through 1.6.17.
Severity ?
5.9 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| weForms | weForms – Easy Drag & Drop Contact Form Builder For WordPress |
Affected:
n/a , ≤ 1.6.17
(custom)
|
Credits
emad (Patchstack Alliance)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:23:43.895Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/weforms/wordpress-weforms-plugin-1-6-17-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "weforms",
"product": "weForms \u2013 Easy Drag \u0026 Drop Contact Form Builder For WordPress",
"vendor": "weForms",
"versions": [
{
"changes": [
{
"at": "1.6.18",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.6.17",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "emad (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in weForms weForms \u2013 Easy Drag \u0026amp; Drop Contact Form Builder For WordPress allows Stored XSS.\u003cp\u003eThis issue affects weForms \u2013 Easy Drag \u0026amp; Drop Contact Form Builder For WordPress: from n/a through 1.6.17.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in weForms weForms \u2013 Easy Drag \u0026 Drop Contact Form Builder For WordPress allows Stored XSS.This issue affects weForms \u2013 Easy Drag \u0026 Drop Contact Form Builder For WordPress: from n/a through 1.6.17.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T11:09:16.175Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/weforms/wordpress-weforms-plugin-1-6-17-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to\u0026nbsp;1.6.18 or a higher version."
}
],
"value": "Update to\u00a01.6.18 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress weForms Plugin \u003c= 1.6.17 is vulnerable to Cross Site Scripting (XSS)",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-50896",
"datePublished": "2023-12-29T11:09:16.175Z",
"dateReserved": "2023-12-15T15:45:32.564Z",
"dateUpdated": "2024-08-02T22:23:43.895Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2395 (GCVE-0-2022-2395)
Vulnerability from cvelistv5 – Published: 2022-08-08 13:48 – Updated: 2024-08-03 00:39
VLAI?
Title
weForms < 1.6.14 - Admin+ Stored Cross-Site Scripting
Summary
The weForms WordPress plugin before 1.6.14 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | weForms – Easy Drag & Drop Contact Form Builder For WordPress |
Affected:
1.6.14 , < 1.6.14
(custom)
|
Credits
Tri Wanda Septian
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:39:06.395Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/5e442dd9-a49d-4a8e-959b-199a8689da4b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "weForms \u2013 Easy Drag \u0026 Drop Contact Form Builder For WordPress",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.6.14",
"status": "affected",
"version": "1.6.14",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Tri Wanda Septian"
}
],
"descriptions": [
{
"lang": "en",
"value": "The weForms WordPress plugin before 1.6.14 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-08T13:48:42",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/5e442dd9-a49d-4a8e-959b-199a8689da4b"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "weForms \u003c 1.6.14 - Admin+ Stored Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-2395",
"STATE": "PUBLIC",
"TITLE": "weForms \u003c 1.6.14 - Admin+ Stored Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "weForms \u2013 Easy Drag \u0026 Drop Contact Form Builder For WordPress",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.6.14",
"version_value": "1.6.14"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Tri Wanda Septian"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The weForms WordPress plugin before 1.6.14 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/5e442dd9-a49d-4a8e-959b-199a8689da4b",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/5e442dd9-a49d-4a8e-959b-199a8689da4b"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-2395",
"datePublished": "2022-08-08T13:48:42",
"dateReserved": "2022-07-12T00:00:00",
"dateUpdated": "2024-08-03T00:39:06.395Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-22276 (GCVE-0-2020-22276)
Vulnerability from cvelistv5 – Published: 2020-11-04 16:54 – Updated: 2024-08-04 14:51
VLAI?
Summary
WeForms Wordpress Plugin 1.4.7 allows CSV injection via a form's entry.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:51:10.825Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://filebin.net/khncr59vyfztn6wj"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://uploadboy.com/tvvs4p2gf03m/887/mp4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert.ikiu.ac.ir/public-files/news/document/CVE-99/CVE-2020-22276.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "WeForms Wordpress Plugin 1.4.7 allows CSV injection via a form\u0027s entry."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-04T16:54:50",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://filebin.net/khncr59vyfztn6wj"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://uploadboy.com/tvvs4p2gf03m/887/mp4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert.ikiu.ac.ir/public-files/news/document/CVE-99/CVE-2020-22276.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-22276",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WeForms Wordpress Plugin 1.4.7 allows CSV injection via a form\u0027s entry."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://filebin.net/khncr59vyfztn6wj",
"refsource": "MISC",
"url": "https://filebin.net/khncr59vyfztn6wj"
},
{
"name": "http://uploadboy.com/tvvs4p2gf03m/887/mp4",
"refsource": "MISC",
"url": "http://uploadboy.com/tvvs4p2gf03m/887/mp4"
},
{
"name": "https://cert.ikiu.ac.ir/public-files/news/document/CVE-99/CVE-2020-22276.pdf",
"refsource": "MISC",
"url": "https://cert.ikiu.ac.ir/public-files/news/document/CVE-99/CVE-2020-22276.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-22276",
"datePublished": "2020-11-04T16:54:50",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:51:10.825Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}