WS Form LITE <= 1.8.175 is vulnerable to Stored Cross-Site Scripting (XSS) vulnerability

Administrator

Published
2022-01-30

The WS Form LITE and Pro WordPress plugins before 1.8.176 do not sanitise and escape their Form Name, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

CVE

https://www.cve.org/CVERecord?id=CVE-2022-23987

CVSS

Score:4.8

Severity:Medium

Version: 1.8.175

There is a patch available in v1.8.176 and we strongly recommend you update to this version as soon as possible.