CVE-2025-3201 Information

Description

The Contact Form builder with drag & drop for WordPress WordPress plugin before 2.4.3 does not sanitise and escape some of its settings which could allow high privilege users such as contributors to perform Stored Cross-Site Scripting attacks.

Reference

https://wpscan.com/vulnerability/4248289f-36d2-41c5-baf6-bb2c630482ef/