CVE-2025-10694

Name of the Vulnerable Software and Affected Versions User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds plugin for WordPress versions up to and including 1.8.0

Description The User Feedback plugin for WordPress is susceptible to unauthorized data access. A missing capability check within the maybe load onboarding wizard function allows unauthenticated attackers to access the onboarding wizard page. This access exposes configuration information, including the administrator email address.

Recommendations Update the User Feedback plugin to a version newer than 1.8.0.