Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

weForms — Vulnerabilities & Security Advisories 4

Browse all 4 CVE security advisories affecting weForms. AI-powered Chinese analysis, POCs, and references for each vulnerability.

weForms is a WordPress form builder plugin enabling users to create custom contact forms, surveys, and payment solutions. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues due to insufficient input validation and improper access controls. The plugin has accumulated four CVEs, including critical RCE vulnerabilities allowing attackers to execute arbitrary code on affected servers. Security researchers have identified consistent patterns of inadequate sanitization in form processing functions, leading to persistent security risks. No major public security incidents have been documented, but the vulnerability history indicates ongoing security challenges requiring immediate patching by administrators.

Top products by weForms: weForms weForms – Easy Drag & Drop Contact Form Builder For WordPress
CVE IDTitleCVSSSeverityPublished
CVE-2023-51524 WordPress weForms plugin <= 1.6.18 - Broken Access Control vulnerability — weFormsCWE-862 4.3 Medium2024-06-12
CVE-2024-30512 WordPress weForms plugin <= 1.6.20 - Broken Access Control vulnerability — weFormsCWE-862 3.7 Low2024-06-09
CVE-2024-32512 WordPress weForms plugin <= 1.6.20 - Form Submission Restriction Bypass vulnerability — weFormsCWE-602 5.3 Medium2024-05-17
CVE-2023-50896 WordPress weForms Plugin <= 1.6.17 is vulnerable to Cross Site Scripting (XSS) — weForms – Easy Drag & Drop Contact Form Builder For WordPressCWE-79 5.9 Medium2023-12-29

This page lists every published CVE security advisory associated with weForms. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.