PT-2025-31616 · WordPress · Sureforms
Dmitry Ignatyev · Published 2025-08-01 · Updated 2025-08-01 · CVE-2025-5921
CVSS v3.1: 5.8
Vector: AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L
Affected Products
Sureforms
Severity: Medium
Name of the Vulnerable Software and Affected Versions:
SureForms WordPress plugin versions prior to 1.7.2
Description:
The SureForms WordPress plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting issue. This can be exploited against both authenticated and unauthenticated users.
Recommendations:
Update to SureForms WordPress plugin version 1.7.2 or later.