Vulnerabilities

CVE-2025-14855 - SureForms <= 2.2.0 - unauthenticated stored cross-site scripting

2025-12-21 0 views admin
CVE-2025-14855 - SureForms <= 2.2.0 - unauthenticated stored cross-site scripting

CVE ID : CVE-2025-14855 Published : Dec. 21, 2025, 8:15 a.m. | 55 minutes ago Description : The SureForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form field parameters in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Severity: 7.2 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

Severity
HIGH
Published
Dec. 21, 2025
Affected Product: WordPress

Source: Telegram CVE Monitor

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2025-14855highwordpress

More from Vulnerabilities

CVE-2025-15003 - SeaCMS admin_video.php sql injection

CVE-2025-15003 - SeaCMS admin_video.php sql injection

2025-12-22 0
CVE-2025-15006 - Tenda WH450 HTTP Request CheckTools stack-based overflow

CVE-2025-15006 - Tenda WH450 HTTP Request CheckTools stack-based overflow

2025-12-22 0
CVE-2025-15004 - DedeCMS freelist_main.php sql injection

CVE-2025-15004 - DedeCMS freelist_main.php sql injection

2025-12-22 0
CVE-2025-15005 - CouchCMS reCAPTCHA config.example.php hard-coded key

CVE-2025-15005 - CouchCMS reCAPTCHA config.example.php hard-coded key

2025-12-22 0

Trending

1

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

2025-10-27 • 189 views
2

CVE-2025-43939: Dell Unity OS Command Injection (High)

2025-10-30 • 148 views
3

Google disputes false claims of massive Gmail data breach

2025-10-30 • 130 views
4

Microsoft: DNS outage impacts Azure and Microsoft 365 services

2025-10-30 • 88 views
5

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting

2025-11-25 • 81 views