CVE-2022-23987: 
WordPress vulnerability analysis and mitigation

The vulnerability CVE-2022-23987 affects WS Form LITE and Pro WordPress plugins versions before 1.8.176. The vulnerability was discovered by Felipe Restrepo Rodriguez and was publicly disclosed on January 31, 2022. This security issue involves improper sanitization and escaping of Form Names in the plugins (WPScan Advisory).

The vulnerability is classified as a Cross-Site Scripting (XSS) issue, specifically a stored XSS vulnerability (CWE-79). It has received a CVSS v3.1 base score of 4.8 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N. The technical issue stems from the plugins' failure to properly sanitize and escape Form Names, which can be exploited even when the unfiltered_html capability is disabled (NVD).

The vulnerability allows high-privilege users to perform Cross-Site Scripting attacks. When exploited, the XSS payload can be triggered in the Forms list and when viewing or previewing forms. This could potentially lead to unauthorized script execution in the context of other users' browsers (WPScan Advisory).

The vulnerability has been fixed in version 1.8.176 of both WS Form LITE and WS Form Pro plugins. Users are advised to update their installations to this version or later to mitigate the risk (WPScan Advisory).