Cross-site Scripting Vulnerability in PluginsCafe Range Slider Addon for Gravity Forms
CVE-2025-49905

6.1MEDIUM

Key Information:

Vendor: WordPress
Status: Range Slider Addon For Gravity Forms
Vendor: CVE Published:; 6 November 2025

What is CVE-2025-49905?

The PluginsCafe Range Slider Addon for Gravity Forms is vulnerable to a Cross-site Scripting (XSS) flaw due to improper input handling during web page generation. This vulnerability enables attackers to inject malicious scripts into pages that are viewed by other users, leading to potential data theft or session hijacking. The issue affects versions from n/a through 1.1.6.

Affected Version(s)

Range Slider Addon for Gravity Forms <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/rang...

vdb-entry

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 6, 2025
Vulnerability Reserved
Jun 11, 2025

Credit

HunSec | Patchstack Bug Bounty Program

JSON