CVE-2025-48329 HIGH

CVE-2025-48329: WordPress Real Time Validation for Gravity Forms plugin <= 1.7.0 - Reflected Cross Site Scripting (XSS) vulnerability

Vendor: Daman Jeet
Product: Real Time Validation for Gravity Forms
Weakness: CWE-79 · XSS
Published: June 6, 2025
Last update: April 28, 2026

CVSS base score

7.1/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: Required
Confidentiality: Low
Integrity: Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

What the vulnerability does

01 Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Daman Jeet Real Time Validation for Gravity Forms (real-time-validation-for-gravity-forms) allows Reflected XSS. This issue affects Real Time Validation for Gravity Forms: from n/a through <= 1.7.0.

Explanation of Vulnerability in Simple Terms

02 Summary

Real Time Validation for Gravity Forms versions 1.7.0 and earlier contain a cross-site scripting (XSS) vulnerability. An attacker can inject malicious scripts that execute in users' browsers when they interact with affected form validation features. The vulnerability requires user interaction and can affect other users or site functionality depending on the injection point.

What an attacker can do

03 Attacker Capabilities

Inject malicious scripts that run in users' browsers when they interact with form validation.

Potential impact on your site

04 Site Impact

Visitors' browsers can execute attacker-controlled JavaScript, potentially stealing session data or modifying form behavior.

Conditions required to exploit

05 Prerequisites

A user must visit a page with the vulnerable plugin and interact with a form validation feature.

Key dates

06 Disclosure timeline

June 6, 2025: CVE published
April 28, 2026: Record updated