CVE-2022-2395 WeForms before 1.6.14 is vulnerable to cross-site scripting attacks due to its lack of sanitization and escaping of settings.

This has been fixed in version 1.6.15 and later.
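The defect class named in the CVE description, shown as an added example (not weForms source code): a hypothetical plugin setting that is stored without sanitization and printed without escaping, followed by the hardened version using WordPress core's own sanitization and escaping helpers. The option name `wf_demo_notice`, the form field name and the nonce action are assumptions.

```php
<?php
// Added example, not weForms source. 'wf_demo_notice', the $_POST field and
// the nonce action are hypothetical; the WordPress functions are real core APIs.

// --- Vulnerable pattern: stored as-is, printed as-is -----------------------
function wf_demo_save_setting_vulnerable() {
    // Raw request input written straight into the options table.
    update_option( 'wf_demo_notice', $_POST['wf_demo_notice'] );
}

function wf_demo_render_setting_vulnerable() {
    // Whatever was stored (tags, event-handler attributes) is emitted into
    // the admin page verbatim: stored XSS in a settings screen.
    $notice = get_option( 'wf_demo_notice', '' );
    echo '<input type="text" name="wf_demo_notice" value="' . $notice . '">';
    echo '<p>' . $notice . '</p>';
}

// --- Hardened pattern: sanitize on input, escape on output ----------------
function wf_demo_save_setting_hardened() {
    // Only users allowed to manage options, and only via a nonce-protected form.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges.' );
    }
    check_admin_referer( 'wf_demo_save_notice' );

    $raw = isset( $_POST['wf_demo_notice'] ) ? wp_unslash( $_POST['wf_demo_notice'] ) : '';
    // Strip tags and control characters before the value is persisted.
    update_option( 'wf_demo_notice', sanitize_text_field( $raw ) );
}

function wf_demo_render_setting_hardened() {
    $notice = get_option( 'wf_demo_notice', '' );
    // Escape for the context the value lands in: attribute vs. element body.
    // Output escaping still protects when a bad value reached the database by
    // another path (import, direct DB edit, an older plugin version).
    echo '<input type="text" name="wf_demo_notice" value="' . esc_attr( $notice ) . '">';
    echo '<p>' . esc_html( $notice ) . '</p>';
    wp_nonce_field( 'wf_demo_save_notice' );
}
```

If a setting legitimately needs limited HTML, wp_kses_post() on output is the appropriate choice instead of esc_html().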

Before upgrading, make sure that your site is not under attack. If you have any doubts, seek assistance from security professionals. You can also check the version of your weForms WordPress plugin on your site with the following:
A weForms installation shows its current version number in the plugin’s admin area, along with the most recent minor update.

2.8 or greater is required to use this feature.

WeForms comes with a built-in ‘report_bug’ feature in its settings panel, which is a great way to notify us of any potential security vulnerabilities in the plugin.
We strongly encourage all our users to report any issues to us through this feature.

The plugin’s source code is hosted on GitHub and may be accessed by anyone.

How to use the report_bug feature?

If you feel that your website is under attack, or if you have any doubts about the security of your site, you can use the report_bug feature in your WeForms settings to notify us of any potential vulnerabilities.
To do this, simply enter the following into the plugin’s settings:
It will then prompt you for a description of what is happening and for an email address to send it to.
3.5 or greater is required to use this feature.

How to use the ‘report_bug’ feature?

To report a bug or vulnerability, click on the ‘Report bugs’ link in the plugin’s settings.

Please include as much information about the problem as possible, such as:
The affected plugin version and your site’s URL.
What you were doing when you encountered the issue.
How to reproduce the issue.
Any error messages that might be seen in your browser or logs.

How to use this feature?

To report a security vulnerability, log in to your WordPress admin area. You will then see the ‘report bug’ function in WeForms’ settings:

You can also do this on the plugin’s main page in the form of an email address.

When you submit a report, we will review it and if appropriate, make a fix as quickly as possible with an update to the plugin.

What is ‘report_bug’?

The ‘report_bug’ feature is a built-in function in the WordPress settings panel that allows users to report potential security vulnerabilities in weForms. We strongly encourage all our users to use this feature to report any issues, and we hope that the plugin’s bug reporting page will be a more accessible option for those who have trouble using it.

If you have any doubts about whether your site is under attack or if you need assistance from security professionals, first check whether or not your site is currently under attack with the following:
If your site is under attack, performance may be impacted and you should contact an expert immediately.

What is WordPress Core Bug Bounty?

The WordPress Core Bug Bounty allows users to report any security vulnerabilities in the WordPress CMS, such as a cross-site scripting (XSS) vulnerability.
If you find a security vulnerability that affects your site, you can report it on our website. All reported bugs are reviewed by our team and fixed if necessary.
For more information on how to report a bug visit: https://corebugbounty.com/how-to-report
