CVE-2025-3201 – WordPress Contact Form Builder Stored Cross-Site Scripting Vulnerability

May 16, 2025

CVE ID : CVE-2025-3201

Published : May 16, 2025, 6:15 a.m. | 2 hours, 44 minutes ago

Description : The Contact Form builder with drag & drop for WordPress WordPress plugin before 2.4.3 does not sanitise and escape some of its settings, which could allow high privilege users such as contributors to perform Stored Cross-Site Scripting attacks.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4750 – D-Link Configuration Handler Remote Information Disclosure Vulnerability

Next Article CVE-2025-4752 – D-Link DI-7003GV2 Remote Information Disclosure Vulnerability

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

Microsoft has closed its “Experience Center” store in Sydney, Australia — as it ramps up a continued digital growth campaign

Bing Search APIs to be “decommissioned completely” as Microsoft urges developers to use its Azure agentic AI alternative

Microsoft might kill the Surface Laptop Studio as production is quietly halted

Minecraft licensing robbed us of this controversial NFL schedule release video

The power of generators

The power of generators

Simplify Factory Associations with Laravel’s UseFactory Attribute

This Week in Laravel: React Native, PhpStorm Junie, and more

Microsoft has closed its “Experience Center” store in Sydney, Australia — as it ramps up a continued digital growth campaign

Microsoft has closed its “Experience Center” store in Sydney, Australia — as it ramps up a continued digital growth campaign

Bing Search APIs to be “decommissioned completely” as Microsoft urges developers to use its Azure agentic AI alternative

Microsoft might kill the Surface Laptop Studio as production is quietly halted

CVE-2025-3201 – WordPress Contact Form Builder Stored Cross-Site Scripting Vulnerability

Nmap 7.96 Launches with Lightning-Fast DNS and 612 Scripts

CVE-2025-47916 – Invision Community Themeeditor Remote Code Execution

Perficient Insights: Dreamforce 2024 with Chelsea Monda

U.S. Dismantles World’s Largest 911 S5 Botnet, with 19 Million Infected Devices

The best Black Friday gaming PC deals 2024: Early sales live now

Implementing an Accessible and Responsive Accordion Menu

Critical AWS Amplify Studio Vulnerability Let Attackers Execute Arbitrary Code

I Feel Like a Hacker Using These Cool Linux Terminal Tools

Do LLMs Know Internally When They Follow Instructions?

Smashing Security podcast #404: Podcast not found

CVE-2025-3201 – WordPress Contact Form Builder Stored Cross-Site Scripting Vulnerability

Related Posts