CVE-2025-5921

Medium CVSS 5.8

Overview

The SureForms WordPress plugin before 1.7.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against both authenticated and unauthenticated users.

CWE: CWE-79 Published: 2025-08-01T06:15:29.127

Risk analysis

This vulnerability is rated 🟡 MEDIUM.

CVSS: 5.8 (MEDIUM)
Detected tags: wordpress, xss (tag impact: MODERATE)

Recommended actions:

Apply context-aware output encoding.
Enable Content-Security-Policy and HttpOnly/SameSite cookies.

Overview

Recommended tools

Tags