4 matches found
CVE-2025-3201
The Contact Form builder with drag & drop for WordPress WordPress plugin before 2.4.3 does not sanitise and escape some of its settings, which could allow high privilege users such as contributors to perform Stored Cross-Site Scripting attacks...
CVE-2025-3201
The Contact Form builder with drag & drop for WordPress WordPress plugin before 2.4.3 does not sanitise and escape some of its settings, which could allow high privilege users such as contributors to perform Stored Cross-Site Scripting attacks...
CVE-2025-3201
CVE-2025-3201 concerns the WordPress plugin for the Contact Form builder with drag & drop (Kali Forms) prior to version 2.4.3. The vulnerability stems from insufficient sanitization and escaping of certain settings, enabling Stored Cross-Site Scripting (Stored XSS) by high-privilege users (e.g., ...
CVE-2025-3201 Kali Forms < 2.4.3 - Contributor+ Stored XSS
The Contact Form builder with drag & drop for WordPress WordPress plugin before 2.4.3 does not sanitise and escape some of its settings, which could allow high privilege users such as contributors to perform Stored Cross-Site Scripting attacks...