Vulnerabilities > Weformspro > Weforms > 1.6.14

DATE CVE VULNERABILITY TITLE RISK
2024-06-12 CVE-2023-51524 Unspecified vulnerability in Weformspro Weforms
Missing Authorization vulnerability in weForms.This issue affects weForms: from n/a through 1.6.18.
network
low complexity
weformspro
8.8
8.8
2024-06-09 CVE-2024-30512 Unspecified vulnerability in Weformspro Weforms
Missing Authorization vulnerability in weForms.This issue affects weForms: from n/a through 1.6.20.
network
low complexity
weformspro
critical
 9.1
9.1
2024-03-12 CVE-2024-0386 Cross-site Scripting vulnerability in Weformspro Weforms
The weForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Referer' HTTP header in all versions up to, and including, 1.6.21 due to insufficient input sanitization and output escaping.
network
low complexity
weformspro CWE-79
6.1
6.1
2023-12-29 CVE-2023-50896 Unspecified vulnerability in Weformspro Weforms
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weForms weForms – Easy Drag & Drop Contact Form Builder For WordPress allows Stored XSS.This issue affects weForms – Easy Drag & Drop Contact Form Builder For WordPress: from n/a through 1.6.17.
network
low complexity
weformspro
4.8
4.8