Cross-Site Scripting Vulnerability in Beauty Contact Popup Form by WordPress
CVE-2025-53325

5.9MEDIUM

Key Information:

Vendor: WordPress
Status: Beauty Contact Popup Form
Vendor: CVE Published:; 27 June 2025

What is CVE-2025-53325?

A vulnerability exists in the Beauty Contact Popup Form plugin which allows attackers to exploit improper input handling during web page generation, resulting in stored cross-site scripting (XSS). This vulnerability impacts versions from 'n/a' to 6.0, opening up potential avenues for threat actors to execute malicious scripts within users' browsers. It is crucial for users of this plugin to take immediate action to safeguard their websites from potential exploitation of this security flaw.

Affected Version(s)

Beauty Contact Popup Form <= 6.0

References

https://patchstack.com/database/wordpress/plugin/beauty-c...

vdb-entry

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 27, 2025
Vulnerability Reserved
Jun 27, 2025

Credit

Nguyen Ngoc Quang Bach (maysbachs) (Patchstack Alliance)