216.73.217.86

CVE-2025-9544

· Published 29/10/2025 06:15 · Modified 29/10/2025 14:16

Labels: CVE-2025-9544 2025-10-29CVE-2025-9544[email protected]

Essential information

Published
29/10/2025 06:15
Modified
29/10/2025 14:16
Author
Creator
CVSS
6.5 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CVSS metrics

Description

The Doppler Forms WordPress plugin through 2.5.1 registers an AJAX action install_extension without verifying user capabilities or using a nonce. As a result, any authenticated user — including those with the Subscriber role — can install and activate additional Doppler Forms WordPress plugin through 2.5.1 (limited to those whitelisted by the main Doppler Forms WordPress plugin through 2.5.1).

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
wpforms / wpforms cpe:2.3:a:wpforms:wpforms:*:*:*:*:*:wordpress:*:*
doppler forms / doppler forms cpe:2.3:a:doppler_forms:doppler_forms:*:*:*:*:*:wordpress:*:*

References