Posted  by  admin

Wpforms

WPForms is the most beginner-friendly WordPress form builder plugin. Trusted by over 4M+ websites, with 7000+ 5-star reviews. WPForms is perfect for business owners, bloggers, designers, developers, photographers, and basically everyone else. If you want to create a custom WordPress form, then you need to use WPForms.

What's required to use WPForms? WPForms is a WordPress plugin. In order to use WPForms, you must have a self-hosted WordPress site.

Attract Group has 20 employees. What is Attract Group's industry? Attract Group is in the industry of: Software & Technical Consulting, Software. What is Attract Group's tech stack? The technologies that are used by Attract Group are: WPForms, GoDaddy DNS, Yandex Mail, Font Awesome. Who is Attract Group's CEO? Attract Group's CEO is Vladimir.

WPForms is a 100% mobile responsive contact form solution, so your contact forms will always look great on all devices (mobile, tablet, laptop, and desktop). WPForms' contact forms are also highly optimized for web and server performance because we understand the importance of speed when it comes to SEO, marketing, and conversion.

Modified

This vulnerability has been modified since it was last analyzed by the NVD. It is awaiting reanalysis which may result in further changes to the information provided.

Current Description

A stored cross-site scripting (XSS) vulnerability exists in the WPForms Contact Form (aka wpforms-lite) plugin before 1.5.9 for WordPress.


Analysis Description

A stored cross-site scripting (XSS) vulnerability exists in the WPForms Contact Form (aka wpforms-lite) plugin before 1.5.9 for WordPress.

Severity

CVSS 3.x Severity and Metrics:

NIST:NVD
Vector:NVD

Vector:

| Hyperlink | Resource |
| --- | --- |
| https://packetstormsecurity.com/files/156910/WordPress-WP-Forms-1.5.8.2-Cross-Site-Scripting.html | |
| https://wordpress.org/plugins/wpforms-lite/#developers | Release Notes, Third Party Advisory |
| https://wpvulndb.com/vulnerabilities/10114 | Third Party Advisory |
| https://www.getastra.com/blog/911/plugin-exploit/stored-xss-vulnerability-found-in-wpforms-plugin/ | Exploit, Third Party Advisory |
| https://www.jinsonvarghese.com/stored-xss-vulnerability-found-in-wpforms-plugin/ | Exploit, Third Party Advisory |

Weakness Enumeration

| CWE-ID | CWE Name | Source |
| --- | --- | --- |
| CWE-79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | NIST |

Known Affected Software Configurations

Change History

4 change records found