Stored Cross-Site Scripting Vulnerability in Contact Us Simple Form for WordPress
CVE-2025-14028
4.4MEDIUM
What is CVE-2025-14028?
The Contact Us Simple Form plugin for WordPress is susceptible to Stored Cross-Site Scripting (XSS) due to insufficient input sanitization and output escaping. This vulnerability affects all versions up to and including 1.0. Authenticated attackers with administrator-level access can exploit this flaw by injecting arbitrary web scripts into admin settings. Consequently, when users access the compromised pages, these scripts can execute in their browsers, potentially leading to various malicious outcomes.
Affected Version(s)
Contact Us Simple Form * <= 1.0
References
CVSS V3.1
Score:
4.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Bhumividh Treloges