Cross-Site Scripting Vulnerability in Tripetto WordPress Form Builder Plugin
CVE-2025-22295

Currently unrated

Key Information:

Vendor

WordPress
Status
WordPress Form Builder Plugin For Contact Forms, Surveys And Quizzes – Tripetto
Vendor
CVE Published:
9 January 2025

What is CVE-2025-22295?

The Tripetto WordPress form builder plugin is susceptible to a Cross-Site Scripting vulnerability due to improper input neutralization during web page generation. This vulnerability allows attackers to execute arbitrary JavaScript code in the context of users visiting affected sites, potentially leading to stolen credentials, session hijacking, or defacement of webpages. Users of Tripetto versions from n/a through 8.0.5 should take immediate action to secure their deployments.

Affected Version(s)

WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto 0 <= 8.0.6

References

https://patchstack.com/database/Wordpress/Plugin/tripetto...
vdb-entry

Timeline

  • Vulnerability published

.