CVE-2025-13861 | HTML Forms Plugin up to 1.6.0 on WordPress File Upload cross site scripting

Inserito da Angelo Barbosa | Dic 16, 2025 | CVE

A vulnerability described as problematic has been identified in HTML Forms Plugin up to 1.6.0 on WordPress. This affects an unknown function of the component File Upload. The manipulation results in cross site scripting.

This vulnerability is cataloged as CVE-2025-13861. The attack may be launched remotely. There is no exploit available.

CVE-2025-13861 | HTML Forms Plugin up to 1.6.0 on WordPress File Upload cross site scripting

Post correlati

CVE-2025-13561 | SourceCodester Company Website CMS 1.0 /admin/index.php Username sql injection

CVE-2025-62729 | SOPlanning up to 1.54 /status cross site scripting

CVE-2024-50837 | Kashipara E-Learning Management System Project 1.0 HTTP POST Request admin_user.php firstname/username cross site scripting

CVE-2024-47322 | Ex-Themes WP Timeline Plugin up to 3.6.7 on WordPress cross site scripting