The SureForms WordPress plugin before 1.9.1 does not sanitise and escape some parameters when outputing them in the page, which could allow admin and above users to perform Cross-Site Scripting attacks.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Sureforms |
|
| Wordpress |
|
No data.
No data.
OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.
| Vendors | Products |
|---|---|
| Sureforms |
|
| Wordpress |
|
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Tue, 23 Sep 2025 16:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Sureforms
Sureforms sureforms Wordpress Wordpress wordpress |
|
| Vendors & Products |
Sureforms
Sureforms sureforms Wordpress Wordpress wordpress |
Tue, 23 Sep 2025 06:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The SureForms WordPress plugin before 1.9.1 does not sanitise and escape some parameters when outputing them in the page, which could allow admin and above users to perform Cross-Site Scripting attacks. | |
| Title | SureForms < 1.9.1 - Admin+ Stored XSS | |
| References |
|
MITRE
Status: PUBLISHED
Assigner: WPScan
Published:
Updated: 2025-09-23T06:00:06.866Z
Reserved: 2025-07-28T14:00:04.392Z
Link: CVE-2025-8282
Vulnrichment
No data.
NVD
Status : Received
Published: 2025-09-23T06:15:49.110
Modified: 2025-09-23T06:15:49.110
Link: CVE-2025-8282
Redhat
No data.
OpenCVE Enrichment
Updated: 2025-09-23T16:03:17Z