{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-15T13:03:50.077","vulnerabilities":[{"cve":{"id":"CVE-2025-5684","sourceIdentifier":"security@wordfence.com","published":"2025-07-29T20:15:28.947","lastModified":"2025-07-31T18:42:56.503","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `mf-template` DOM Element in all versions up to, and including, 4.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."},{"lang":"es","value":"El complemento MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor para WordPress es vulnerable a Cross-Site Scripting almacenado a través del elemento DOM `mf-template` en todas las versiones hasta la 4.0.1 incluida, debido a una depuración de entrada y un escape de salida insuficiente. Esto permite a atacantes autenticados, con acceso de colaborador o superior, inyectar scripts web arbitrarios en las páginas que se ejecutarán al acceder un usuario a una página inyectada."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:L\/I:L\/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https:\/\/plugins.trac.wordpress.org\/browser\/metform\/tags\/3.9.9\/public\/assets\/js\/app.js","source":"security@wordfence.com"},{"url":"https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7dded505-8968-4ed2-8883-42a3ec50155c?source=cve","source":"security@wordfence.com"}]}}]}