CVE-2025-1294 – “eForm for WordPress Stored Cross-Site Scripting Vulnerability”

April 24, 2025

CVE ID : CVE-2025-1294

Published : April 24, 2025, 11:15 p.m. | 3 hours, 45 minutes ago

Description : The eForm – WordPress Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.18.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 7.2 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-46274 – UNI-NMS-Lite Authentication Bypass

Next Article CVE-2025-46595 – Backdrop CMS Flag Module Cross-Site Scripting Vulnerability

How To Prevent WordPress SQL Injection Attacks

Creating The “Moving Highlight” Navigation Bar With JavaScript And CSS

Databricks adds new tools like Lakebase, Lakeflow Designer, and Agent Bricks to better support building AI apps and agents in the enterprise

Zencoder launches end-to-end UI testing agent

OpenAI CEO Sam Altman claims “ChatGPT is already more powerful than any human who has ever lived”

Apple Intelligence delay: A clash of two architectures and trivial AI features fell short of standards and expectations

Ambrosia Sky is a gorgeous science-fiction game that’s all about death, and I can’t wait to play more

3 secrets of PowerToys on Windows 11 that you’ll wish you already knew

[EcjoJS Meta] Content discussion

[EcjoJS Meta] Content discussion

Accessibility, Inclusive Design, and Universal Design Work Together

An “Inconceivable” Conversation With Dr. Pete Cornwell on Simple vs. Agentic AI

OpenAI CEO Sam Altman claims “ChatGPT is already more powerful than any human who has ever lived”

OpenAI CEO Sam Altman claims “ChatGPT is already more powerful than any human who has ever lived”

Apple Intelligence delay: A clash of two architectures and trivial AI features fell short of standards and expectations

Ambrosia Sky is a gorgeous science-fiction game that’s all about death, and I can’t wait to play more

CVE-2025-1294 – “eForm for WordPress Stored Cross-Site Scripting Vulnerability”

Urgent: CVE-2025–47273 Exposes Python SetupTools — Here’s How to Stay Secure

Google Pixel 10 to Embrace Qi2 Wireless Charging with New “Pixelsnap” Accessories

Distribution Release: PorteuX 2.1

CVE-2025-47163 – Microsoft Office SharePoint Remote Code Execution Vulnerability

CVE-2025-48414 – Apache Web Interface Unauthenticated Script Execution Vulnerability

The Most Underrated UX Skill No One Talks About

CVE-2025-39386 – Mojoomla Hospital Management System SQL Injection

CVE-2025-2594 – WordPress User Registration & Membership Unauthorized Authentication Vulnerability

Steam su GNU/Linux: addio alle versioni con glibc precedente alla 2.31

NVIDIA AI Releases OpenMath-Nemotron-32B and 14B-Kaggle: Advanced AI Models for Mathematical Reasoning that Secured First Place in the AIMO-2 Competition and Set New Benchmark Records

CVE-2025-1294 – “eForm for WordPress Stored Cross-Site Scripting Vulnerability”

Related Posts