weForms – Easy Drag & Drop Contact Form Builder For WordPress — Vulnerabilities & Security Advisories 4

All 4 CVE vulnerabilities found in weForms – Easy Drag & Drop Contact Form Builder For WordPress, with AI-generated Chinese analysis, references, and POCs.

Vendor: Unknown

CVE ID	Title	CVSS	Severity	Published
CVE-2026-2707	weForms <= 1.6.27 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Hidden Field Value via REST API CWE-79	6.4	Medium	2026-03-11
CVE-2024-0386	weForms <= 1.6.21 - Unauthenticated Stored Cross-Site Scripting via Referer CWE-79	7.2	High	2024-03-12
CVE-2023-50896	WordPress weForms Plugin <= 1.6.17 is vulnerable to Cross Site Scripting (XSS) CWE-79	5.9	Medium	2023-12-29
CVE-2022-2395	weForms < 1.6.14 - Admin+ Stored Cross-Site Scripting CWE-79	4.8	-	2022-08-08

All 4 known CVE vulnerabilities affecting weForms – Easy Drag & Drop Contact Form Builder For WordPress with full Chinese analysis, references, and POCs where available.

Goal Reached Thanks to every supporter — we hit 100%!

weForms – Easy Drag & Drop Contact Form Builder For WordPress — Vulnerabilities & Security Advisories 4