cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-0386,https://securityvulnerability.io/vulnerability/CVE-2024-0386,Stored Cross-Site Scripting Vulnerability in weForms Plugin,"The weForms plugin for WordPress is exposed to a Stored Cross-Site Scripting (XSS) vulnerability due to a lack of proper input sanitization and output escaping associated with the 'Referer' HTTP header. This flaw exists in all versions of the weForms plugin up to and including version 1.6.21. If exploited, it allows unauthenticated attackers to inject malicious web scripts, which can execute whenever legitimate users access affected pages. This vulnerability can lead to the compromise of users' sessions and the integrity of the site's content, posing significant security risks for WordPress installations utilizing this plugin.",Wordpress,Weforms – Easy Drag & Drop Contact Form Builder For WordPress,6.1,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,2024-03-12T21:34:34.174Z,0
CVE-2023-50896,https://securityvulnerability.io/vulnerability/CVE-2023-50896,WordPress weForms Plugin <= 1.6.17 is vulnerable to Cross Site Scripting (XSS),"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weForms weForms – Easy Drag & Drop Contact Form Builder For WordPress allows Stored XSS. This issue affects weForms – Easy Drag & Drop Contact Form Builder For WordPress: from n/a through 1.6.17.",Wordpress,weForms – Easy Drag & Drop Contact Form Builder For WordPress,5.9,MEDIUM,0.0004799999878741801,false,,false,false,false,,false,false,2023-12-29T11:15:00.000Z,0
CVE-2022-2395,https://securityvulnerability.io/vulnerability/CVE-2022-2395,weForms < 1.6.14 - Admin+ Stored Cross-Site Scripting,"The weForms WordPress plugin before 1.6.14 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.",Wordpress,Weforms – Easy Drag & Drop Contact Form Builder For WordPress,4.8,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2022-08-08T13:48:42.000Z,0