CVE-2025-1294 – “eForm for WordPress Stored Cross-Site Scripting Vulnerability”

April 24, 2025

CVE ID : CVE-2025-1294

Published : April 24, 2025, 11:15 p.m. | 3 hours, 45 minutes ago

Description : The eForm – WordPress Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.18.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 7.2 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-46274 – UNI-NMS-Lite Authentication Bypass

Next Article CVE-2025-46595 – Backdrop CMS Flag Module Cross-Site Scripting Vulnerability

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

Windows Recall finally launches, Oblivion Remastered surprise drops, and Drug Dealer Simulator devs speak out

This tiny Bluetooth speaker delivers loud, distortion-free sound – and it’s on sale

Are you playing The Elder Scrolls 4: Oblivion Remastered, and if so, what do you think? — Weekend discussion 💬

I’ve been trying to figure out why these AR glasses cost $700, but I’m frankly stumped

Perficient Included in IDC Market Glance: Healthcare Provider Operational IT Solutions, 1Q25

Perficient Included in IDC Market Glance: Healthcare Provider Operational IT Solutions, 1Q25

Natural Language Q&A in Optimizely CMS Using Azure OpenAI and AI Search

Closing Deals Faster: The Future of Sales with AI & Personalization

Windows Recall finally launches, Oblivion Remastered surprise drops, and Drug Dealer Simulator devs speak out

Windows Recall finally launches, Oblivion Remastered surprise drops, and Drug Dealer Simulator devs speak out

Windows 11 24H2 colourful battery icons for taskbar are still coming, but no ETA, says Microsoft

Git Interactive Rebase Tool – terminal-based sequence editor for interactive rebase

CVE-2025-1294 – “eForm for WordPress Stored Cross-Site Scripting Vulnerability”

April 2025 Patch Tuesday: One Zero-Day and 11 Critical Vulnerabilities Among 121 CVEs

Microsoft “.library-ms” File / NTLM Information Disclosure (Resurrected 2025)

The Singularity: Humanity’s Last Invention – The Complete Guidebook

Underwriting Reimagined: Generative AI as the Architect of Smarter Insurance

Months before millions of PCs will get stuck on Windows 10, Google makes its case for running ChromeOS to use Microsoft 365

LOFT: A Comprehensive AI Benchmark for Evaluating Long-Context Language Models

VMware Workstation Pro Update Brings Linux Fixes

Shift-Left Automation: Enhancing Software Quality with Smart Testing

AI in Cybersecurity: What’s Effective and What’s Not – Insights from 200 Experts

What’s new in Ubuntu 24.04.2? Kernel 6.11, better graphics, and more

CVE-2025-1294 – “eForm for WordPress Stored Cross-Site Scripting Vulnerability”

Related Posts