exploitDog

CVE-2025-9544

Опубликовано: 29 окт. 2025

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

The Doppler Forms WordPress plugin through 2.5.1 registers an AJAX action install_extension without verifying user capabilities or using a nonce. As a result, any authenticated user — including those with the Subscriber role — can install and activate additional Doppler Forms WordPress plugin through 2.5.1 (limited to those whitelisted by the main Doppler Forms WordPress plugin through 2.5.1).

Ссылки

https://wpscan.com/vulnerability/06312fba-dfc5-47af-afe3-b01d8941acbf/

EPSS

Процентиль: 12%

0.00039

Низкий

6.5 Medium

CVSS3

Дефекты

Связанные уязвимости

GHSA-f6mm-28jx-rrww

CVSS3: 6.5

github

3 месяца назад

The Doppler Forms WordPress plugin through 2.5.1 registers an AJAX action install_extension without verifying user capabilities or using a nonce. As a result, any authenticated user — including those with the Subscriber role — can install and activate additional Doppler Forms WordPress plugin through 2.5.1 (limited to those whitelisted by the main Doppler Forms WordPress plugin through 2.5.1).

EPSS

Процентиль: 12%

0.00039

Низкий

6.5 Medium

CVSS3

Дефекты