Description

The Doppler Forms WordPress plugin through 2.5.1 registers an AJAX action, install_extension, without verifying user capabilities or checking a nonce. As a result, any authenticated user, including one with the Subscriber role, can install and activate additional plugins (limited to those whitelisted by the main Doppler Forms plugin).

Status: PUBLISHED | Reserved 2025-08-27 | Published 2025-10-29 | Updated 2025-10-29 | Assigner: WPScan

Problem types

CWE-862 Missing Authorization

Product status

Default status: affected

Any version: affected

Credits

Khaled Alenazi (Nxploited), finder

WPScan, coordinator

References

wpscan.com/...rability/06312fba-dfc5-47af-afe3-b01d8941acbf/ (exploit, vdb-entry, technical-description)

cve.org (CVE-2025-9544)

nvd.nist.gov (CVE-2025-9544)