cleantalk
Vulnerabilities and Security Researches

Contact Form builder with drag & drop for WordPress – Kali Forms, CVE-2025-3201

CVE, Research URL

CVE-2025-3201

Home page URL

Security reports for Contact Form builder with drag & drop for WordPress – Kali Forms

Application

Contact Form builder with drag & drop for WordPress – Kali Forms

Published on
May 16, 2025
Research Description
The Contact Form builder with drag & drop for WordPress WordPress plugin before 2.4.3 does not sanitise and escape some of its settings, which could allow high privilege users such as contributors to perform Stored Cross-Site Scripting attacks.
Affected versions
Min -, max 2.4.3.
Status
vulnerable
Previous vulnerability researches
SB Chart block (CVE-2025-3661) , Apr 20, 2025
New vulnerability
Dot html,php,xml etc pages (CVE-2025-48112) , May 18, 2025
Sharespine Woocommerce Connector (CVE-2025-48128) , May 18, 2025
Wishlist (CVE-2025-31063) , May 18, 2025
Wishlist (CVE-2025-31062) , May 18, 2025
WP-Members Membership Plugin (CVE-2025-4610) , May 18, 2025