Vulnerabilities > Westguardsolutions > WS Form > 1.9.7
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-28 | CVE-2024-13509 | Cross-site Scripting vulnerability in Westguardsolutions WS Form The WS Form LITE – Drag & Drop Contact Form Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the url parameter in all versions up to, and including, 1.10.13 due to insufficient input sanitization and output escaping. | 6.1 |
| 2024-11-06 | CVE-2024-10647 | Cross-site Scripting vulnerability in Westguardsolutions WS Form The WS Form LITE – Drag & Drop Contact Form Builder for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.9.244. | 6.1 |
| 2024-06-07 | CVE-2023-5424 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Westguardsolutions WS Form The WS Form LITE plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.9.217. | 8.8 |
| 2023-12-29 | CVE-2023-52135 | Unspecified vulnerability in Westguardsolutions WS Form Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WS Form WS Form LITE – Drag & Drop Contact Form Builder for WordPress.This issue affects WS Form LITE – Drag & Drop Contact Form Builder for WordPress: from n/a through 1.9.170. | 7.2 |