CVE-2025-14984

Name of the Vulnerable Software and Affected Versions Gutenverse Form plugin for WordPress versions prior to 2.3.3

Description The Gutenverse Form plugin for WordPress is susceptible to Stored Cross-Site Scripting through SVG file uploads. The plugin’s framework component allows SVG files through the upload mimes filter without sanitizing the SVG file contents. This allows authenticated attackers with Author-level access or higher to upload SVG files containing malicious JavaScript. When these files are viewed, the malicious JavaScript executes in the victim’s browser, potentially leading to arbitrary JavaScript execution.

Recommendations Update the Gutenverse Form plugin to version 2.3.3 or later.