Doppler Forms

6.5 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Description

The Doppler Forms WordPress plugin through 2.5.1 registers an AJAX action install_extension without verifying user capabilities or using a nonce. As a result, any authenticated user — including those with the Subscriber role — can install and activate additional Doppler Forms WordPress plugin through 2.5.1 (limited to those whitelisted by the main Doppler Forms WordPress plugin through 2.5.1).

Basic Information

ID CVE-2025-9544

Source WPScan

Published Oct 29, 2025 at 06:00

Modified Oct 29, 2025 at 13:51

Affected Product

Vendor Unknown

Product Doppler Forms

Affected Versions Unknown Doppler Forms 0

CWE Classification

References

wpscan.com /vulnerability/06312fba-dfc5-47af-afe3-b01d8941acbf/

{
    "lastseen": "",
    "description": "The Doppler Forms WordPress plugin through 2.5.1 registers an AJAX action install_extension without verifying user capabilities or using a nonce. As a result, any authenticated user \u2014 including those with the Subscriber role \u2014 can install and activate additional Doppler Forms WordPress plugin through 2.5.1 (limited to those whitelisted by the main Doppler Forms WordPress plugin through 2.5.1).",
    "published": "2025-10-29T06:00:06.910Z",
    "modified": "2025-10-29T13:51:20.351Z",
    "type": "cve",
    "title": "Doppler Forms <= 2.5.1 - Subscriber+ Limited Plugin Installation",
    "source": "WPScan",
    "references": "https://wpscan.com/vulnerability/06312fba-dfc5-47af-afe3-b01d8941acbf/",
    "id": "CVE-2025-9544",
    "bulletinFamily": "",
    "cwe": [
        ""
    ],
    "cvelist": null,
    "sourceData": "Unknown Doppler Forms 0",
    "sourceHref": "",
    "cvss": {
        "score": 6.5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Doppler Forms",
    "version": "0",
    "vendor": "Unknown",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Doppler Forms <= 2.5.1 - Subscriber+ Limited Plugin Installation_CVE-2025-9544