CVE-2025-5341 is a stored Cross-Site Scripting (XSS) vulnerability affecting the WordPress plugin 'Forminator Forms – Contact Form, Payment Form & Custom Form Builder' developed by wpmudev. This vulnerability exists in all versions up to and including 1.44.1. The root cause is improper neutralization of input during web page generation, specifically insufficient sanitization and output escaping of the 'id' and 'data-size' parameters. An authenticated attacker with at least Contributor-level privileges can exploit this flaw by injecting arbitrary malicious scripts into form pages. These scripts are then stored and executed in the context of any user who views the compromised page, potentially leading to session hijacking, privilege escalation, or other malicious activities. The vulnerability does not require user interaction once the malicious script is stored and is exploitable remotely over the network without special access beyond Contributor-level. The CVSS v3.1 base score is 6.4 (medium severity), reflecting network attack vector, low attack complexity, required privileges, no user interaction, and impact on confidentiality and integrity but not availability. No known exploits are reported in the wild as of publication. The vulnerability affects a widely used WordPress plugin that enables creation of contact, payment, and custom forms, making it a significant risk for websites relying on this plugin for user input collection and payment processing.

For European organizations, this vulnerability poses a notable risk especially for those relying on WordPress sites with the Forminator Forms plugin for customer interaction, payment processing, or data collection. Exploitation could lead to unauthorized disclosure of sensitive user information, including personal data protected under GDPR, through session hijacking or theft of authentication tokens. Integrity of website content and user-submitted data could be compromised, damaging trust and brand reputation. Although availability is not directly affected, the indirect consequences such as regulatory fines, remediation costs, and loss of customer confidence could be substantial. The stored XSS nature means that any user visiting the compromised page could be affected, increasing the scope of impact. Given the plugin’s role in payment forms, attackers might also leverage this to conduct fraudulent transactions or phishing attacks targeting European customers. The medium severity score suggests moderate but meaningful risk that requires timely remediation to prevent exploitation.

European organizations should promptly update the Forminator Forms plugin to a version that addresses this vulnerability once released by the vendor. Until a patch is available, organizations should implement strict input validation and output encoding on the affected parameters ('id' and 'data-size') at the application or web server level if possible. Restrict Contributor-level access to trusted users only, minimizing the risk of malicious script injection. Employ Web Application Firewalls (WAFs) with custom rules to detect and block suspicious payloads targeting these parameters. Conduct thorough security audits and penetration testing focusing on XSS vectors in form inputs. Monitor logs for unusual activity related to form submissions and user privilege escalations. Educate site administrators and users about the risks of XSS and encourage immediate reporting of suspicious site behavior. Additionally, implement Content Security Policy (CSP) headers to reduce the impact of any injected scripts by restricting script execution sources.