PT-2025-29211 · WordPress · Gb Forms Db
Alexander Chikaylo · Published 2025-07-11 · Updated 2025-07-11 · CVE-2025-5392
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
GB Forms DB plugin for WordPress versions up to and including 1.0.2
Description:
The GB Forms DB plugin for WordPress is susceptible to Remote Code Execution via the gbfdb_talk_to_front() function. The function accepts user input and passes it through call_user_func(), allowing unauthenticated attackers to execute code on the server. This could enable attackers to inject backdoors or create new administrative user accounts.
Recommendations:
Update the GB Forms DB plugin to a version beyond 1.0.2.
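For developers reviewing similar code, the following added example (not the GB Forms DB source or its fix) shows the hardened form of the pattern in the description: the request selects a key from a fixed map instead of naming a callable. All function, action and parameter names are hypothetical, and the admin-ajax entry point is an assumption, since the advisory does not say how the function is reached.

```php
<?php
// Added example, not GB Forms DB code. All names below are hypothetical.

// Unsafe pattern the advisory describes: the request names the callable.
//   call_user_func( $_POST['fn'], $_POST['arg'] );

// Constructed sample data standing in for stored form entries.
function example_entries(): array {
    return [ [ 'id' => 1, 'form' => 'contact' ], [ 'id' => 2, 'form' => 'signup' ] ];
}

function example_count_entries( array $args ): int {
    return count( example_entries() );
}

function example_list_forms( array $args ): array {
    return array_values( array_unique( array_column( example_entries(), 'form' ) ) );
}

// Fixed map: the request selects a key, never a function name.
const EXAMPLE_HANDLERS = [
    'count' => 'example_count_entries',
    'forms' => 'example_list_forms',
];

function example_dispatch( string $key, array $args ) {
    if ( ! array_key_exists( $key, EXAMPLE_HANDLERS ) ) {
        return new WP_Error( 'bad_handler', 'Unknown handler', [ 'status' => 400 ] );
    }
    return call_user_func( EXAMPLE_HANDLERS[ $key ], $args );
}

function example_ajax_endpoint(): void {
    // Require a valid nonce and a privileged, logged-in user before any dispatch.
    check_ajax_referer( 'example_dispatch', 'nonce' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'Forbidden', 403 );
    }
    $key    = isset( $_POST['handler'] ) ? sanitize_key( wp_unslash( $_POST['handler'] ) ) : '';
    $result = example_dispatch( $key, [] );
    if ( is_wp_error( $result ) ) {
        wp_send_json_error( $result->get_error_message(), 400 );
    }
    wp_send_json_success( $result );
}
// Registered only on wp_ajax_ (authenticated); no wp_ajax_nopriv_ hook is added.
add_action( 'wp_ajax_example_dispatch', 'example_ajax_endpoint' );
```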
Fix
RCE
Code Injection
Affected Products
Gb Forms Db