CVE-2025-22295

{"id": "CVE-2025-22295", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "audit@patchstack.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.7, "exploitabilityScore": 2.8}]}, "published": "2025-01-09T16:16:25.140", "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/tripetto/vulnerability/wordpress-tripetto-plugin-8-0-5-cross-site-scripting-xss-vulnerability?_s_id=cve", "source": "audit@patchstack.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "audit@patchstack.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tripetto WordPress form builder plugin for contact forms, surveys and quizzes \u2013 Tripetto tripetto allows Stored XSS.This issue affects WordPress form builder plugin for contact forms, surveys and quizzes \u2013 Tripetto: from n/a through <= 8.0.6."}, {"lang": "es", "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Tripetto WordPress form builder plugin para contact forms, surveys y quizzes \u2013 Tripetto permite XSS almacenado. Este problema afecta a WordPress form builder plugin para contact forms, surveys y quizzes \u2013 Tripetto: Tripetto: desde n/a hasta 8.0.5."}], "lastModified": "2026-04-29T10:16:38.927", "sourceIdentifier": "audit@patchstack.com"}