5 matches found
CVE-2025-3794
The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the starttimestamp parameter in all versions up to, and including, 1.9.5 due to insufficient input sanitization and output escaping...
CVE-2025-3794 WPForms Lite <= 1.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'start_timestamp' Parameter
The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the starttimestamp parameter in all versions up to, and including, 1.9.5 due to insufficient input sanitization and output escaping...
CVE-2025-3794
CVE-2025-3794 refers to WPForms Lite
CVE-2025-3794 WPForms Lite <= 1.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'start_timestamp' Parameter
The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the starttimestamp parameter in all versions up to, and including, 1.9.5 due to insufficient input sanitization and output escaping...
WordPress WPForms Lite plugin <= 1.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'start_timestamp' Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'starttimestamp' Parameter vulnerability discovered by Asaf Mozes in WordPress Plugin Contact Form by WPForms versions = 1.9.5...