PT-2026-1596 · WordPress · Stylish Order Form Builder

Sopon Tangpathum

Publicado

2026-01-07

Atualizado

2026-01-07

CVE-2025-13531

CVSS v3.1

6.4

Média

Vetor

AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Stylish Order Form Builder plugin for WordPress versions prior to 1.1

Description The Stylish Order Form Builder plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to inadequate input sanitization and output escaping related to the product name parameter. Authenticated attackers with Subscriber-level access or higher can inject malicious web scripts into pages. These scripts will then execute when a user accesses the compromised page.

Recommendations Update the Stylish Order Form Builder plugin to version 1.1 or later.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2025-13531

Produtos afetados

Stylish Order Form Builder

PT-2026-1596 · WordPress · Stylish Order Form Builder

CVE-2025-13531

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7