Vulnerabilities and security researches forgutenverse-form gutenverse-form

Dec 11, 2025

CVE, Research URL: CVE-2025-66079
Home page URL: Security reports for Gutenverse Form
Application: Gutenverse Form
Date: Nov 21, 2025
Research Description: Missing Authorization vulnerability in Jegstudio Gutenverse Form gutenverse-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutenverse Form: from n/a through <= 2.2.0.
Affected versions: max 2.2.0.
Status: vulnerable

Jan 11, 2026

CVE, Research URL: CVE-2025-14984
Home page URL: Security reports for Gutenverse Form
Application: Gutenverse Form
Date: Jan 08, 2026
Research Description: The Gutenverse Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file upload in all versions up to, and including, 2.3.2. This is due to the plugin's framework component adding SVG to the allowed MIME types via the upload_mimes filter without implementing any sanitization of SVG file contents. This makes it possible for authenticated attackers, with Author-level access and above, to upload SVG files containing malicious JavaScript that executes when the file is viewed, leading to arbitrary JavaScript execution in victims' browsers.
Affected versions: max 2.4.0.
Status: vulnerable

CVE, Research URL: CVE-2025-68511
Home page URL: Security reports for Gutenverse Form
Application: Gutenverse Form
Date: Dec 24, 2025
Research Description: Missing Authorization vulnerability in Jegstudio Gutenverse Form gutenverse-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutenverse Form: from n/a through <= 2.3.1.
Affected versions: max 2.3.1.
Status: vulnerable