cleantalk
Vulnerabilities and Security Researches

Contact Form builder with drag & drop for WordPress – Kali Forms, CVE-2025-3201

CVE, Research URL

CVE-2025-3201

Home page URL

Security reports for Contact Form builder with drag & drop for WordPress – Kali Forms

Application

Contact Form builder with drag & drop for WordPress – Kali Forms

Published on
May 16, 2025
Research Description
The Contact Form builder with drag & drop for WordPress WordPress plugin before 2.4.3 does not sanitise and escape some of its settings, which could allow high privilege users such as contributors to perform Stored Cross-Site Scripting attacks.
Affected versions
Min -, max 2.4.3.
Status
vulnerable
Previous vulnerability researches
Social Pug: Author Box (CVE-2025-22706) , Jan 22, 2025
Hubbub Lite (CVE-2024-1526) , Jun 06, 2024
Hubbub Lite (CVE-2024-10145) , May 16, 2025
Hubbub Lite (CVE-2016-10736) , Jun 06, 2024
Hubbub Lite (CVE-2023-7154) , Jun 06, 2024
New vulnerability
Dot html,php,xml etc pages (CVE-2025-48112) , May 18, 2025
Sharespine Woocommerce Connector (CVE-2025-48128) , May 18, 2025
Wishlist (CVE-2025-31063) , May 18, 2025
Wishlist (CVE-2025-31062) , May 18, 2025
WP-Members Membership Plugin (CVE-2025-4610) , May 18, 2025