PT-2025-45548 · WordPress · Html Forms – Simple Wordpress Forms Plugin
Published
2025-11-08
·
Updated
2025-11-08
·
CVE-2025-12125
CVSS v3.1
4.4
Medium
| Vector | AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
HTML Forms – Simple WordPress Forms Plugin versions up to and including 1.5.5
Description
The software contains a flaw that allows an attacker with administrator-level permissions to inject malicious web scripts into pages. This is due to inadequate input sanitization and output escaping in the admin settings. The injected scripts will execute when a user accesses the compromised page. This issue specifically impacts multi-site installations and those with unfiltered html disabled.
Recommendations
Update HTML Forms – Simple WordPress Forms Plugin to a version later than 1.5.5
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Html Forms – Simple Wordpress Forms Plugin