"TITLE":"WS Form < 1.8.176 - Unauthenticated Stored Cross-Site Scripting"
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"generator":"WPScan CVE Generator",
"affects":{
"vendor":{
"vendor_data":[
{
"vendor_name":"WS Form",
"product":{
"product_data":[
{
"product_name":"WS Form LITE – Drag & Drop Contact Form Builder for WordPress",
"version":{
"version_data":[
{
"version_affected":"<",
"version_name":"1.8.176",
"version_value":"1.8.176"
}
]
}
},
{
"product_name":"WS Form Pro",
"version":{
"version_data":[
{
"version_affected":"<",
"version_name":"1.8.176",
"version_value":"1.8.176"
}
]
}
}
]
}
}
]
}
},
"description":{
"description_data":[
{
"lang":"eng",
"value":"The WS Form LITE and Pro WordPress plugins before 1.8.176 do not sanitise and escape submitted form data, allowing unauthenticated attacker to submit XSS payloads which will get executed when a privileged user will view the related submission"
