PT-2025-44236 · WordPress · Doppler Forms
Khaled Alenazi · Published 2025-10-29 · Updated 2025-10-29
CVE-2025-9544
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Doppler Forms WordPress plugin versions through 2.5.1
Description
The Doppler Forms WordPress plugin registers an AJAX action, install extension, without proper verification of user capabilities or the use of a nonce. This allows any authenticated user, even those with the Subscriber role, to install and activate additional Doppler Forms plugins, limited to those whitelisted by the main plugin.
Recommendations
Update Doppler Forms WordPress plugin to a version later than 2.5.1.
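
A hardened handler for the kind of AJAX action described above, as an added example that is not the Doppler Forms source or its fix. The action name, nonce name, `extension` parameter and allowlist are hypothetical, and installing from the WordPress.org directory is an assumption.

```php
<?php
// Added example: hypothetical code, not the Doppler Forms source.
// Constructed allowlist standing in for the add-ons the main plugin permits.
const EXAMPLE_ALLOWED_EXTENSIONS = array( 'example-addon-one', 'example-addon-two' );

// wp_ajax_{action} runs for every logged-in user, Subscribers included,
// so the handler itself must enforce CSRF protection and authorization.
add_action( 'wp_ajax_example_install_extension', 'example_install_extension' );

function example_install_extension() {
	// 1. CSRF: the admin page embeds wp_create_nonce( 'example_install_extension' );
	//    check_ajax_referer() ends the request if the nonce is missing or invalid.
	check_ajax_referer( 'example_install_extension', 'nonce' );

	// 2. Authorization: only users allowed to manage plugins may continue.
	if ( ! current_user_can( 'install_plugins' ) || ! current_user_can( 'activate_plugins' ) ) {
		wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
	}

	// 3. Input validation: the allowlist limits impact but is not an access control.
	$slug = isset( $_POST['extension'] ) ? sanitize_key( wp_unslash( $_POST['extension'] ) ) : '';
	if ( ! in_array( $slug, EXAMPLE_ALLOWED_EXTENSIONS, true ) ) {
		wp_send_json_error( array( 'message' => 'Unknown extension.' ), 400 );
	}

	require_once ABSPATH . 'wp-admin/includes/plugin.php';
	require_once ABSPATH . 'wp-admin/includes/plugin-install.php';
	require_once ABSPATH . 'wp-admin/includes/class-wp-upgrader.php';

	// Assumption: add-ons are fetched from the WordPress.org plugin directory.
	$api = plugins_api( 'plugin_information', array( 'slug' => $slug ) );
	if ( is_wp_error( $api ) ) {
		wp_send_json_error( array( 'message' => $api->get_error_message() ), 502 );
	}
	$upgrader  = new Plugin_Upgrader( new WP_Ajax_Upgrader_Skin() );
	$installed = $upgrader->install( $api->download_link );
	$main_file = $upgrader->plugin_info(); // Path of the installed plugin's main file, or false.
	if ( true !== $installed || ! $main_file ) {
		wp_send_json_error( array( 'message' => 'Installation failed.' ), 500 );
	}

	$activated = activate_plugin( $main_file );
	if ( is_wp_error( $activated ) ) {
		wp_send_json_error( array( 'message' => $activated->get_error_message() ), 500 );
	}
	wp_send_json_success( array( 'installed' => $slug ) );
}
```

With both checks in place, a Subscriber's request stops at step 2 and a cross-site request without the nonce stops at step 1, before any plugin code is downloaded.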
Related Identifiers
Affected Products
Doppler Forms