WS Form LITE Stored XSS Vulnerability
CVE-2024-47320

7.1HIGH

Key Information:

Vendor: WordPress
Status: Ws Form Lite
Vendor: CVE Published:; 6 October 2024

Summary

A vulnerability exists in WS Form LITE due to improper neutralization of input during web page generation. This flaw allows for the execution of stored Cross-Site Scripting (XSS) attacks, where an attacker can inject malicious scripts that execute whenever users load affected pages. If exploited, this vulnerability can compromise user data and facilitate unauthorized actions within web applications. Versions of WS Form LITE from n/a to 1.9.238 are particularly susceptible, making it essential for users to take preventive measures to secure their web environments.

Affected Version(s)

WS Form LITE <= 1.9.238

References

https://patchstack.com/database/vulnerability/ws-form/wor...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 6, 2024
Vulnerability Reserved
Sep 24, 2024

Credit

Savphill (Patchstack Alliance)