cleantalk
Vulnerabilities and Security Researches

Comment Form WP – Customize Default Comment Form, CVE-2025-58825

CVE, Research URL

CVE-2025-58825

Home page URL

Security reports for Comment Form WP – Customize Default Comment Form

Application

Comment Form WP – Customize Default Comment Form

Published on
Sep 05, 2025
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Habibur Rahman Comment Form WP – Customize Default Comment Form allows Stored XSS. This issue affects Comment Form WP – Customize Default Comment Form: from n/a through 2.0.0.
Affected versions
Min -, max 2.0.0.
Status
vulnerable
Previous vulnerability researches
Community Lite Video Chat (12108f2d6b7cdd384ce360bc60e3cf6c2dcb247d) , Jun 06, 2024
Community Lite Video Chat (CVE-2024-49605) , Oct 22, 2024
New vulnerability
Translate This gTranslate Shortcode (CVE-2025-58880) , Sep 07, 2025
Search by Google (CVE-2025-58832) , Sep 07, 2025
BCM Duplicate Menu (CVE-2025-58798) , Sep 07, 2025
GoUrl Bitcoin Payment Gateway & Paid Downloads & Membership (CVE-2025-48102) , Sep 07, 2025
Ibtana – Ecommerce Product Addons (CVE-2025-58786) , Sep 07, 2025