3 matches found
CVE-2025-13861
The HTML Forms – Simple WordPress Forms Plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versions up to and including 1.6.0 due to insufficient sanitization of fabricated file upload field metadata before displaying it in the WordPress admin dashboard. This...
CVE-2025-13861
CVE-2025-13861 affects the WordPress plugin HTML Forms – Simple WordPress Forms Plugin. It is vulnerable to unauthenticated stored XSS in all versions up to and including 1.6.0 due to insufficient sanitization of fabricated file upload field metadata before displaying it on the admin submissions ...
CVE-2025-13861 HTML Forms – Simple WordPress Forms Plugin <= 1.6.0 - Unauthenticated Stored Cross-Site Scripting
The HTML Forms – Simple WordPress Forms Plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versions up to and including 1.6.0 due to insufficient sanitization of fabricated file upload field metadata before displaying it in the WordPress admin dashboard. This...