CVE-2023-48752

HIGH 7.1

WordPress Happyforms Plugin <= 1.25.9 is vulnerable to Cross Site Scripting (XSS)

CVSS Score

7.1

EPSS Score

0.0%

EPSS Percentile

0th

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Happyforms Form builder to get in touch with visitors, grow your email list and collect payments — Happyforms allows Reflected XSS.This issue affects Form builder to get in touch with visitors, grow your email list and collect payments — Happyforms: from n/a through 1.25.9.

CWE	CWE-79
Vendor	happyforms
Product	form builder to get in touch with visitors, grow your email list and collect payments — happyforms
Published	Nov 30, 2023
Last Updated	Apr 28, 2026

Stay Ahead of the Next One

Get instant alerts for happyforms form builder to get in touch with visitors, grow your email list and collect payments — happyforms

Be the first to know when new high vulnerabilities affecting happyforms form builder to get in touch with visitors, grow your email list and collect payments — happyforms are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

Low

Affected Versions

Happyforms / Form builder to get in touch with visitors, grow your email list and collect payments — Happyforms

n/a ≤ 1.25.9

References

NVD ↗ CVE.org ↗ EPSS Data ↗

patchstack.com: https://patchstack.com/database/vulnerability/happyforms/wordpress-happyforms-plugin-1-25-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve

Credits

Le Ngoc Anh (Patchstack Alliance)