Security Advisory

CVE-2025-9544

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-10-29 06:00:06
Last updated 2026-04-02 12:39:56
Assigner WPScan
State PUBLISHED

Description

The Doppler Forms WordPress plugin through 2.5.1 registers an AJAX action install_extension without verifying user capabilities or using a nonce. As a result, any authenticated user, including those with the Subscriber role, can install and activate additional plugins (limited to those whitelisted by the main Doppler Forms plugin).