2025-08-06 02:24:12
Wordfence
PUBLISHED
Multiple plugins for WordPress by emarket-design with the emd-form-builder-lite package are vulnerable to Remote Code Execution in various versions via the emd_form_builder_lite_pagenum function. This is due to the plugin not properly validating user input before using it as a function name. This makes it possible for unauthenticated attackers to execute code on the server, however, parameters can not be passed to the functions called