216.73.216.133

CVE-2025-8420

· Published 06/08/2025 03:15 · Modified 06/08/2025 20:23

Labels: CVE-2025-8420 2025-08-06CVE-2025-8420CWE-95[email protected]

Essential information

Published
06/08/2025 03:15
Modified
06/08/2025 20:23
Author
Creator
CVSS
8.1 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS metrics

Description

The Request a Quote Form plugin for WordPress is vulnerable to Remote Code Execution in version less than, or equal to, 2.5.2 via the emd_form_builder_lite_pagenum function. This is due to the plugin not properly validating user input before using it as a function name. This makes it possible for unauthenticated attackers to execute code on the server, however, parameters can not be passed to the functions called.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
wordpress / request a quote form cpe:2.3:a:wordpress:request_a_quote_form:<=2.5.2:*:*:*:*:wordpress:*:*

References