Description
The Doppler Forms WordPress plugin through 2.5.1 registers an AJAX action install_extension without verifying user capabilities or using a nonce. As a result, any authenticated user — including those with the Subscriber role — can install and activate additional plugins (limited to those whitelisted by the main plugin).
Published: 2025-10-29
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized plugin installation by low‑privilege users
Action: Immediate Patch
AI Analysis

Impact

The Doppler Forms plugin registers an AJAX action called install_extension without checking the user’s capabilities or validating a nonce. As a result, any authenticated user can trigger the action and install or activate additional plugins that are whitelisted by the plugin itself. This flaw effectively allows privilege escalation from a Subscriber role to the ability to modify the site’s functionality and potentially introduce malicious code.

Affected Systems

Any WordPress site running Doppler Forms version 2.5.1 or earlier is vulnerable. The exploit is limited to the plugin’s extension list, but installing even a benign extension gives an attacker a foothold for further compromise.

Risk and Exploitability

The CVSS score of 6.5 indicates moderate severity, yet the EPSS score of less than 1% suggests a very low chance of exploitation in the wild. The flaw is not yet listed in the CISA KEV catalog. Because the attack vector requires an authenticated user with at least Subscriber level access, the risk is confined to sites with many low‑privilege accounts. However, once an extension is installed, the attacker could gain elevated privileges if the extension contains a vulnerability or malicious payload.

Generated by OpenCVE AI on April 27, 2026 at 23:33 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Doppler Forms plugin to a version newer than 2.5.1 that implements capability checks for installing extensions.
  • If an immediate update is not possible, remove the install_extension AJAX action by editing the plugin or using a custom snippet to unhook it, thereby preventing unauthorized extension installation.
  • Revoke or limit Subscriber role permissions to access the Plugins administration area, ensuring only administrators can manage extensions.
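The interim mitigation above (unhook the action, or gate it behind a capability check) can be applied without editing the vendor's files by dropping a must-use plugin into wp-content/mu-plugins/. The following is an added example written for this page, not Doppler Forms code and not a vendor patch. It assumes only what the advisory states: the action is named install_extension, which under WordPress convention means the plugin registers it on the wp_ajax_install_extension hook. The plugin's callback name and registration priority are not known; the code assumes the WordPress default priority of 10 and the function and constant names (doppler_hardening_*) are invented for the example.

```php
<?php
/**
 * Plugin Name: Doppler Forms install_extension hardening (added example, mu-plugin)
 * Description: Interim gate for the unauthenticated-capability AJAX action in
 *              Doppler Forms <= 2.5.1 until a patched version is available.
 *              Example code written for this advisory page, not vendor code.
 */

// WordPress maps an AJAX action named "install_extension" to this hook name.
// Assumption: the vendor registers its callback here at the default priority 10.
const DOPPLER_HARDENING_HOOK = 'wp_ajax_install_extension';

// Set to true to remove the action outright (Option B) instead of gating it (Option A).
const DOPPLER_HARDENING_UNHOOK = false;

/**
 * Option A: require the capability WordPress itself uses for plugin installation.
 * Registered at priority 0 so it runs before the vendor callback (assumed at 10);
 * wp_send_json_error() ends the request via wp_die(), so the vendor callback never
 * executes for a caller who lacks install_plugins (Subscribers never have it).
 */
function doppler_hardening_require_install_capability() {
    if ( current_user_can( 'install_plugins' ) ) {
        return; // Administrators proceed to the plugin's own handler.
    }

    $remote = isset( $_SERVER['REMOTE_ADDR'] )
        ? sanitize_text_field( wp_unslash( $_SERVER['REMOTE_ADDR'] ) )
        : 'unknown';

    // Log every blocked call: repeated hits from low-privilege accounts are a
    // useful detection signal for probing of this endpoint.
    error_log( sprintf(
        'doppler-hardening: blocked install_extension for user %d from %s',
        get_current_user_id(),
        $remote
    ) );

    wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
}

/**
 * Option B: unhook the action entirely, the "remove the AJAX action" mitigation.
 * remove_all_actions() must run after the vendor has registered its callback;
 * plugins normally do that on plugins_loaded or init, so this runs at the very
 * end of init. The feature becomes unavailable to everyone, administrators included.
 */
function doppler_hardening_unhook_install_extension() {
    if ( DOPPLER_HARDENING_UNHOOK ) {
        remove_all_actions( DOPPLER_HARDENING_HOOK );
    }
}

add_action( DOPPLER_HARDENING_HOOK, 'doppler_hardening_require_install_capability', 0 );
add_action( 'init', 'doppler_hardening_unhook_install_extension', PHP_INT_MAX );
```

Option A closes the privilege-escalation path described in the advisory (a Subscriber invoking the action) but cannot supply the missing nonce: a nonce has to be issued to the plugin's own JavaScript and verified with check_ajax_referer() in the handler, which only the vendor's fix can do. Until then, an administrator who is tricked into submitting the request from a third-party page is still exposed to cross-site request forgery, so sites that do not need the extension installer should prefer Option B. Verify the hook name against the installed plugin's source before relying on either option, since the example derives it from the action name in the advisory rather than from the plugin code.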



Advisories

No advisories yet.

History

Tue, 28 Apr 2026 00:00:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-284

Thu, 30 Oct 2025 14:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Wordpress; Wordpress wordpress
Vendors & Products | | Wordpress; Wordpress wordpress

Wed, 29 Oct 2025 14:15:00 +0000

Type | Values Removed | Values Added
Metrics | | cvssV3_1: {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N'}
 | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 29 Oct 2025 06:15:00 +0000

Type | Values Removed | Values Added
Description | | The Doppler Forms WordPress plugin through 2.5.1 registers an AJAX action install_extension without verifying user capabilities or using a nonce. As a result, any authenticated user — including those with the Subscriber role — can install and activate additional plugins (limited to those whitelisted by the main plugin).
Title | | Doppler Forms <= 2.5.1 - Subscriber+ Limited Plugin Installation
References | |

MITRE

Status: PUBLISHED

Assigner: WPScan

Published:

Updated: 2026-04-02T12:39:56.346Z

Reserved: 2025-08-27T13:52:12.254Z

Link: CVE-2025-9544

Vulnrichment

Updated: 2025-10-29T13:51:11.413Z

NVD

Status : Deferred

Published: 2025-10-29T06:15:33.647

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-9544

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-27T23:45:15Z

Weaknesses