CVE-2025-3201 – WordPress Contact Form Builder Stored Cross-Site Scripting Vulnerability

May 16, 2025

CVE ID : CVE-2025-3201

Published : May 16, 2025, 6:15 a.m. | 2 hours, 44 minutes ago

Description : The Contact Form builder with drag & drop for WordPress WordPress plugin before 2.4.3 does not sanitise and escape some of its settings, which could allow high privilege users such as contributors to perform Stored Cross-Site Scripting attacks.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4750 – D-Link Configuration Handler Remote Information Disclosure Vulnerability

Next Article CVE-2025-4752 – D-Link DI-7003GV2 Remote Information Disclosure Vulnerability

The Psychology Of Color In UX Design And Digital Products

This week in AI dev tools: Claude Sonnet 4’s larger context window, ChatGPT updates, and more (August 15, 2025)

Sentry launches MCP monitoring tool

10 Benefits of Hiring a React.js Development Company (2025–2026 Edition)

I flew Insta360’s new ‘Antigravity’ drone around Los Angeles, and it was impossible to miss a shot

The $100 open-ear headphones that made me forget about my Shokz

5 quick and simple ways to greatly improve the quality of your headphones

Installing a UPS battery backup saved my work PC – here’s the full story

Maintaining Data Consistency with Laravel Database Transactions

Maintaining Data Consistency with Laravel Database Transactions

Building a Multi-Step Form With Laravel, Livewire, and MongoDB

Inertia Releases a New Form Component

Google’s Gemini AI had a full-on meltdown while coding — calling itself a fool, a disgrace, and begging for freedom from its own loop

Google’s Gemini AI had a full-on meltdown while coding — calling itself a fool, a disgrace, and begging for freedom from its own loop

Take-Two hints at $100 price tag for Grand Theft Auto VI — will it deliver on value?

ChatGPT Go offers GPT-5, image creation, and longer memory — all for $5 (if you’re lucky enough to live where it’s available)

CVE-2025-3201 – WordPress Contact Form Builder Stored Cross-Site Scripting Vulnerability

Cisco Warns of CVSS 10.0 FMC RADIUS Flaw Allowing Remote Code Execution

Zero Trust + AI: Privacy in the Age of Agentic AI

ASUS Confirms Critical Flaw in AiCloud Routers; Users Urged to Update Firmware

CVE-2025-52486 – DNN TokenReplace URL Sanitation Vulnerability

Frostpunk 2 heats up with a free “major content update” that overhauls the survival city builder’s core gameplay

CVE-2025-37811 – “Qualcomm Chipidea USB Driver Null Pointer Dereference”

CVE-2025-5063 – Google Chrome Use After Free in Compositing Vulnerability

Ninja Gaiden 4 Can Run at 120 FPS on Xbox Series X — Letting Players Choose Framerate Over Graphics

Water Curse Employs 76 GitHub Accounts to Deliver Multi-Stage Malware Campaign

I’ve never worn a pair of headphones quite like these – and they’re a swimmer’s delight

CVE-2025-3201 – WordPress Contact Form Builder Stored Cross-Site Scripting Vulnerability

Related Posts