CVE-2025-39428 – WordPress Gravity Forms CSS Themes with Fontawesome and Placeholders plugin <= 8.5 - Cross Site Scripting (XSS) vulnerability

https://notcve.org/view.php?id=CVE-2025-39428

17 Apr 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Maros Pristas Gravity Forms CSS Themes with Fontawesome and Placeholders allows Stored XSS. This issue affects Gravity Forms CSS Themes with Fontawesome and Placeholders: from n/a through 8.5. The Gravity Forms CSS Themes with Fontawesome and Placeholders plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 8.5 due to insufficient input sanitization and output ... • https://patchstack.com/database/wordpress/plugin/gravity-forms-css-themes-with-fontawesome-and-placeholder-support/vulnerability/wordpress-gravity-forms-css-themes-with-fontawesome-and-placeholders-plugin-8-5-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •