Cross-Site Scripting Vulnerability in WPQuark eForm from WordPress
CVE-2025-48333
7.1HIGH
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 17 June 2025
What is CVE-2025-48333?
The improper neutralization of input during web page generation in WPQuark eForm exposes users to reflected cross-site scripting (XSS) attacks. This vulnerability allows attackers to inject malicious scripts into web pages viewed by users, potentially leading to session hijacking, data theft, or defacement. Users employing this WordPress Form Builder should implement immediate corrective measures to secure their applications against such threats.
Affected Version(s)
eForm - WordPress Form Builder < 4.19.1