Browse all 3 CVE security advisories affecting WS Form. AI-powered Chinese analysis, POCs, and references for each vulnerability.
WS Form is a WordPress form builder plugin enabling contact forms, surveys, and data collection. Historically, it has faced vulnerabilities including cross-site scripting (XSS), remote code execution (RCE), and privilege escalation, primarily stemming from insufficient input validation and improper access controls. The plugin maintains three CVE records, with issues often allowing attackers to execute unauthorized actions or compromise site integrity. While no major public incidents have been widely documented, its vulnerability history underscores the importance of regular updates and input sanitization in form handling plugins. Security researchers continue to scrutinize such tools due to their extensive access to website functionality and user data.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-52135 | WordPress WS Form LITE Plugin <= 1.9.170 is vulnerable to SQL Injection — WS Form LITE – Drag & Drop Contact Form Builder for WordPressCWE-89 | 7.6 | High | 2023-12-29 |
| CVE-2022-23988 | WS Form < 1.8.176 - Unauthenticated Stored Cross-Site Scripting — WS Form LITE – Drag & Drop Contact Form Builder for WordPressCWE-79 | 6.1 | - | 2022-02-28 |
| CVE-2022-23987 | WS Form < 1.8.176 - Admin+ Stored Cross-Site Scripting — WS Form LITE – Drag & Drop Contact Form Builder for WordPressCWE-79 | 4.8 | - | 2022-02-28 |
This page lists every published CVE security advisory associated with WS Form. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.