CVE-2025-31045: WordPress elfsight Contact Form widget <= 2.3.1 - Sensitive Data Exposure Vulnerability

7.5 CVSS

Description

An Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in the elfsight Contact Form widget allows retrieval of embedded sensitive data. This issue affects elfsight Contact Form widget: from n/a through 2.3.1.

Classification

CVE ID: CVE-2025-31045

CVSS Base Severity: HIGH

CVSS Base Score: 7.5

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Problem Types

CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere

Affected Products

Vendor: elfsight

Product: elfsight Contact Form widget

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.75% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-06-22 (date this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-31045
https://patchstack.com/database/wordpress/plugin/elfsight-contact-form/vulnerability/wordpress-elfsight-contact-form-widget-2-3-1-sensitive-data-exposure-vulnerability?_s_id=cve

Timeline