cleantalk
Vulnerabilities and Security Researches

Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions , CVE-2023-25981

CVE, Research URL

CVE-2023-25981

Home page URL

Security reports for Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions

Application

Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions

Published on
Aug 25, 2023
Research Description
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ThemeKraft Post Form plugin <= 2.8.1 versions.
Affected versions
Min -, max 2.8.3.
Status
vulnerable
Previous vulnerability researches
BuddyForms Moderation ( Former: Review Logic ) (897b17e2e87fb40e2397863f5bd6a2d899657e77) , Jun 07, 2024
BuddyForms Form Elements for WooCommerce (39d1f22f-ea34-4d94-9dc2-12661cf69d36) , Jun 07, 2024
BuddyForms Ultimate Member (893cfcf44e3c079784f666e461a667cb4f6e2761) , Jun 06, 2024
Advanced Custom Fields Frontend Forms &#8211; ACF Forms &#8211; ACF Post Form &#8211; ACF Registration Form &#8211; ACF Content (1d8066394517b6cd0b4aebae83bf3d686d10bc5c) , Jun 06, 2024
BuddyPress &amp; BuddyBoss Member Profile Forms (053af10176d1dc3feead6bb1c45f871d35190797) , Jun 07, 2024
New vulnerability
Integration for WooCommerce and QuickBooks (CVE-2025-39600) , Apr 18, 2025
GB Gallery Slideshow (CVE-2025-32649) , Apr 18, 2025
Question Answer (CVE-2025-32646) , Apr 18, 2025
PropertyHive (CVE-2025-39577) , Apr 18, 2025
WP-BusinessDirectory &#8211; Business directory plugin for WordPress (CVE-2025-32630) , Apr 18, 2025