CVE-2022-23987
Description
The WS Form LITE and Pro WordPress plugins before 1.8.176 do not sanitise and escape their Form Name, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
CWE
- CWE-79 — CWE-79 Cross-site Scripting (XSS)
Affected
- WS Form / WS Form LITE – Drag & Drop Contact Form Builder for WordPress — v=1.8.176 <1.8.176 [affected]
- WS Form / WS Form Pro — v=1.8.176 <1.8.176 [affected]
CVSS
- (none)
References
Source
cvelistV5-main/cves/2022/23xxx/CVE-2022-23987.json