CVE-2020-36919

MEDIUM

WPForms 1.7.8 - XSS

Title source: llm

Description

WPForms 1.7.8 contains a cross-site scripting vulnerability in the slider import search feature and tab parameter. Attackers can inject malicious scripts through the ListTable.php endpoint to execute arbitrary JavaScript in victim's browser.

Exploits (1)

exploitdb WORKING POC

by Milad karimi · textwebappsphp

https://www.exploit-db.com/exploits/51152

View Code ZIP pw:eip

References (3)

[Product] https://wordpress.org/plugins/wpforms-lite

[Exploit] https://www.exploit-db.com/exploits/51152

[Third Party Advisory] https://www.vulncheck.com/advisories/wpforms-cross-site-scripting-xss

Scores

CVSS v3 6.1

EPSS 0.0005

EPSS Percentile 15.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

wpforms/wpforms < 1.7.8

Published Jan 13, 2026

Tracked Since Feb 18, 2026