PT-2025-52140 · WordPress · Pdf For Wpforms

Phat Rio

·

Published

2025-12-18

·

Updated

2025-12-18

·

CVE-2025-60082

CVSS v3.1

8.8

High

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions PDF for WPForms versions through 6.3.1
Description The software contains a flaw related to the deserialization of untrusted data, specifically allowing object injection. This issue is present in the add-ons.org PDF for WPForms pdf-for-wpforms.
Recommendations Update PDF for WPForms to a version newer than 6.3.1.

Fix

Deserialization of Untrusted Data

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-502

Related Identifiers

CVE-2025-60082

Affected Products

Pdf For Wpforms