CVE-2022-23988

MEDIUM LAB

WS Form LITE & Pro <1.8.176 - XSS

Title source: llm

Description

The WS Form LITE and Pro WordPress plugins before 1.8.176 do not sanitise and escape submitted form data, allowing unauthenticated attacker to submit XSS payloads which will get executed when a privileged user will view the related submission

Exploits (1)

nomisec WORKING POC

by simonepetruzzi · poc

https://github.com/simonepetruzzi/WebSecurityProject

View Code ZIP pw:eip

References (1)

Core 1

Core References

Exploit, Third Party Advisory x_refsource_misc

https://wpscan.com/vulnerability/9d5738f9-9a2e-4878-8a03-745894420bf6

Scores

CVSS v3 6.1

EPSS 0.1443

EPSS Percentile 94.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Lab Environment

COMMUNITY

Community Lab

docker pull wordpress:latest

https://github.com/simonepetruzzi/WebSecurityProject

View in Library

Details

CWE

CWE-79

Status published

Products (1)

westguardsolutions/ws_form < 1.8.176 (2 CPE variants)

Published Feb 28, 2022

Tracked Since Feb 18, 2026