CVE-2025-12178 | SpiceForms Form Builder Plugin up to 1.0 on WordPress Shortcode cross site scripting

Inserito da Angelo Barbosa | Gen 13, 2026 | CVE

A vulnerability was found in SpiceForms Form Builder Plugin up to 1.0 on WordPress. It has been declared as problematic. This affects an unknown part of the component Shortcode Handler. Executing a manipulation can lead to cross site scripting.

This vulnerability appears as CVE-2025-12178. The attack may be performed from remote. There is no available exploit.

CVE-2025-12178 | SpiceForms Form Builder Plugin up to 1.0 on WordPress Shortcode cross site scripting

Post correlati

CVE-2024-47194 | Siemens ModelSim/Questa prior 2024.3 vish2.exe uncontrolled search path (ssa-426509)

CVE-2024-28672 | DedeCMS 5.7 /dede/media_edit.php cross-site request forgery

CVE-2024-2332 | SourceCodester Online Mobile Management Store 1.0 HTTP GET Request manage_category.php id sql injection

CVE-2024-0333 | Google Chrome prior 120.0.6099.216 Extensions input validation