CVE-2025-1294 – “eForm for WordPress Stored Cross-Site Scripting Vulnerability”

April 24, 2025

CVE ID : CVE-2025-1294

Published : April 24, 2025, 11:15 p.m. | 3 hours, 45 minutes ago

Description : The eForm – WordPress Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.18.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 7.2 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-46274 – UNI-NMS-Lite Authentication Bypass

Next Article CVE-2025-46595 – Backdrop CMS Flag Module Cross-Site Scripting Vulnerability

How To Prevent WordPress SQL Injection Attacks

Java never goes out of style: Celebrating 30 years of the language

OpenAI o3-pro available in the API, BrowserStack adds Playwright support for real iOS devices, and more – Daily News Digest

Creating The “Moving Highlight” Navigation Bar With JavaScript And CSS

Microsoft Copilot’s own default configuration exposed users to the first-ever “zero-click” AI attack, but there was no data breach

Sam Altman says “OpenAI was forced to do a lot of unnatural things” to meet the Ghibli memes demand surge

5 things we didn’t get from the Xbox Games Showcase, because Xbox obviously hates me personally

Minecraft Vibrant Visuals finally has a release date and it’s dropping with the Happy Ghasts

QAQ-QQ-AI-QUEST

QAQ-QQ-AI-QUEST

JS Dark Arts: Abusing prototypes and the Result type

Helpful Git Aliases To Maximize Developer Productivity

Microsoft Copilot’s own default configuration exposed users to the first-ever “zero-click” AI attack, but there was no data breach

Microsoft Copilot’s own default configuration exposed users to the first-ever “zero-click” AI attack, but there was no data breach

Sam Altman says “OpenAI was forced to do a lot of unnatural things” to meet the Ghibli memes demand surge

5 things we didn’t get from the Xbox Games Showcase, because Xbox obviously hates me personally

CVE-2025-1294 – “eForm for WordPress Stored Cross-Site Scripting Vulnerability”

Ransomware Gangs Exploit Unpatched SimpleHelp Flaws to Target Victims with Double Extortion

More From Our Main Blog: The Good, the Bad and the Ugly in Cybersecurity – Week 24

CVE-2025-46735 – Terraform WinDNS Provider Authenticated Command Injection

Move over ChatGPT: This tiny voice recorder is my new favorite AI assistant. Here’s why

CVE-2025-0217 – BeyondTrust Privileged Remote Access (PRA) Authentication Bypass Vulnerability

Opsera Raises $20M to Drive AI-Powered DevOps Platform Innovation, Accelerating AI Agent Adoption and Developer Efficiency

Shaping the future of advanced robotics

CVE-2025-29446 – Open-WebUI SSRF Vulnerability

Box64 is a Linux userspace x86-64 emulator

CVE-2025-47944 – Multer Denial of Service

CVE-2025-1294 – “eForm for WordPress Stored Cross-Site Scripting Vulnerability”

Related Posts