What the vulnerability does
01 Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Daman Jeet Real Time Validation for Gravity Forms (real-time-validation-for-gravity-forms) allows Reflected XSS. This issue affects Real Time Validation for Gravity Forms: from n/a through <= 1.7.0.
Explanation of Vulnerability in Simple Terms
02 Summary
Real Time Validation for Gravity Forms versions 1.7.0 and earlier contain a cross-site scripting (XSS) vulnerability. An attacker can inject malicious scripts that execute in users' browsers when they interact with affected form validation features. The vulnerability requires user interaction and can affect other users or site functionality depending on the injection point.
What an attacker can do
03 Attacker Capabilities
Inject malicious scripts that run in users' browsers when they interact with form validation.
Potential impact on your site
04 Site Impact
Visitors' browsers can execute attacker-controlled JavaScript, potentially stealing session data or modifying form behavior.
Conditions required to exploit
05 Prerequisites
User must visit a page with the vulnerable plugin and interact with a form validation feature.
Key dates
06 Disclosure timeline
June 6, 2025: CVE published
April 28, 2026: Record updated