EUVD-2026-4901

🗓️ 28 Jan 2026 06:43:41Reported by EUVDType

Stored cross site scripting in Forms Bridge plugin via id in financoop_campaign shortcode; affected up to version 4.2.5.

Reporter	Title	Published	Views	Family All 11
ATTACKERKB	CVE-2026-1244	28 Jan 202606:43	–	attackerkb
Circl	CVE-2026-1244	28 Jan 202609:27	–	circl
CNNVD	WordPress Plugin Forms Bridge – Infinite integrations Cross-site scripting vulnerabilities	28 Jan 202600:00	–	cnnvd
CVE	CVE-2026-1244	28 Jan 202606:43	–	cve
Cvelist	CVE-2026-1244 Forms Bridge <= 4.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute	28 Jan 202606:43	–	cvelist
NVD	CVE-2026-1244	28 Jan 202607:16	–	nvd
Patchstack	WordPress Forms Bridge plugin <= 4.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute vulnerability	28 Jan 202601:36	–	patchstack
Positive Technologies	PT-2026-5068	28 Jan 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-1244	29 Jan 202609:24	–	redhatcve
Vulnrichment	CVE-2026-1244 Forms Bridge <= 4.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute	28 Jan 202606:43	–	vulnrichment

[
  {
    "enisaIdVendor": [
      {
        "id": "4a8428b7-fb1b-3645-bfed-1a8c4e35c26f",
        "vendor": {
          "name": "codeccoop"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "42b55f51-a742-3cb9-a1d7-2b31d3d5b54f",
        "product": {
          "name": "Forms Bridge – Infinite integrations"
        },
        "product_version": "* ≤4.2.5"
      }
    ]
  }
]

Source	Link
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/3e047822-5766-4e7f-be89-f4a15f0e6d51
plugins	www.plugins.trac.wordpress.org/browser/forms-bridge/trunk/addons/financoop/shortcodes.php
plugins	www.plugins.trac.wordpress.org/browser/forms-bridge/tags/4.2.3/addons/financoop/shortcodes.php
plugins	www.plugins.trac.wordpress.org/changeset

28 Jan 2026 15:04Current

6Medium risk

Vulners AI Score6

CVSS 3.16.4

EPSS0.00016

SSVC