cvedb.io
CVE-2022-23988
MEDIUM · CVSS 6.1
EPSS exploitation probability: 0%
Published 2022-02-28T09:15:09.497 · Last modified 2026-06-17T04:31:06.173

Summary

The WS Form LITE and Pro WordPress plugins before 1.8.176 do not sanitise and escape submitted form data, allowing unauthenticated attacker to submit XSS payloads which will get executed when a privileged user will view the related submission

Affected products

westguardsolutions — ws_form

Does this affect you?

Add your gear to cvedb and we'll alert you only when westguardsolutions ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.