CVE-2025-2561 – Ninja Forms Stored Cross-Site Scripting Vulnerability

May 19, 2025

CVE ID : CVE-2025-2561

Published : May 19, 2025, 6:15 a.m. | 45 minutes ago

Description : The Ninja Forms WordPress plugin before 3.10.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4477 – ThreatSonar Anti-Ransomware TeamT5 Privilege Escalation Vulnerability

Next Article CVE-2025-2560 – Ninja Forms Stored Cross-Site Scripting Vulnerability

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

Sunshine And March Vibes (2025 Wallpapers Edition)

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

My latest hands-on could be the best value AI laptop of the summer, but I still have questions

DOOM: The Dark Ages had the lowest Steam launch numbers in series history — Is it suffering from the ‘Game Pass Effect’?

Microsoft won’t be left exposed if something “catastrophic” happens to OpenAI — but may still be 3 to 6 months behind ChatGPT

Microsoft Copilot gets OpenAI’s GPT-4o image generation support — but maybe a day late and a dollar short for the hype?

ES6: Set Vs Array- What and When?

ES6: Set Vs Array- What and When?

Transform JSON into Typed Collections with Laravel’s AsCollection::of()

Deployer

My latest hands-on could be the best value AI laptop of the summer, but I still have questions

My latest hands-on could be the best value AI laptop of the summer, but I still have questions

DOOM: The Dark Ages had the lowest Steam launch numbers in series history — Is it suffering from the ‘Game Pass Effect’?

Microsoft won’t be left exposed if something “catastrophic” happens to OpenAI — but may still be 3 to 6 months behind ChatGPT

CVE-2025-2561 – Ninja Forms Stored Cross-Site Scripting Vulnerability

Nmap 7.96 Launches with Lightning-Fast DNS and 612 Scripts

CVE-2025-48259 – Juan Carlos WP Mapa Politico España CSRF

This AI Paper by Narrative BI Introduces a Hybrid Approach to Business Data Analysis with LLMs and Rule-Based Systems

CVE-2025-3759 – Netgear IGD Unauthenticated Configuration Change Vulnerability

Liner AI Review: Can It Help You Learn Faster?

CVE-2025-46746 – Citrix SharePoint Information Disclosure

Recraft Review: The Best AI Design Tool?

Vintage Investment Partners Appoints Ilan Leiferman as Chief Value-Add Officer

Over one billion users will get a new Microsoft user experience, and it has a dark mode

CVE-2025-1706 – Adobe Flash Use-After-Free Vulnerability

CVE-2025-2561 – Ninja Forms Stored Cross-Site Scripting Vulnerability

Related Posts