CVE-2025-9544 - Vulnerability Details - OpenCVE

The Doppler Forms WordPress plugin through 2.5.1 registers an AJAX action install_extension without verifying user capabilities or using a nonce. As a result, any authenticated user — including those with the Subscriber role — can install and activate additional Doppler Forms WordPress plugin through 2.5.1 (limited to those whitelisted by the main Doppler Forms WordPress plugin through 2.5.1).

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00017.

Exploitation poc

Automatable no

Technical Impact partial

No data.

No data.

No data.

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://wpscan.com/vulnerability/06312fba-dfc5-47af-afe3-b01d8941acbf/

History

Wed, 29 Oct 2025 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 29 Oct 2025 06:15:00 +0000

Type	Values Removed	Values Added
Description		The Doppler Forms WordPress plugin through 2.5.1 registers an AJAX action install_extension without verifying user capabilities or using a nonce. As a result, any authenticated user — including those with the Subscriber role — can install and activate additional Doppler Forms WordPress plugin through 2.5.1 (limited to those whitelisted by the main Doppler Forms WordPress plugin through 2.5.1).
Title		Doppler Forms <= 2.5.1 - Subscriber+ Limited Plugin Installation
References		https://wpscan.com/vulnerability/06312fba-dfc5-47af-afe3-b01d8941acbf/

MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2025-10-29T06:00:06.910Z

Updated: 2025-10-29T13:51:20.351Z

Reserved: 2025-08-27T13:52:12.254Z

Link: CVE-2025-9544

Vulnrichment

Updated: 2025-10-29T13:51:11.413Z

NVD

Status : Received

Published: 2025-10-29T06:15:33.647

Modified: 2025-10-29T14:16:01.237

Link: CVE-2025-9544

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-9544", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "state": "PUBLISHED", "assignerShortName": "WPScan", "dateReserved": "2025-08-27T13:52:12.254Z", "datePublished": "2025-10-29T06:00:06.910Z", "dateUpdated": "2025-10-29T13:51:20.351Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2025-10-29T06:00:06.910Z"}, "title": "Doppler Forms <= 2.5.1 - Subscriber+ Limited Plugin Installation", "problemTypes": [{"descriptions": [{"description": "CWE-862 Missing Authorization", "lang": "en", "type": "CWE"}]}], "affected": [{"vendor": "Unknown", "product": "Doppler Forms", "versions": [{"status": "affected", "versionType": "semver", "version": "0", "lessThanOrEqual": "2.5.1"}], "defaultStatus": "affected"}], "descriptions": [{"lang": "en", "value": "The Doppler Forms WordPress plugin through 2.5.1 registers an AJAX action install_extension without verifying user capabilities or using a nonce. As a result, any authenticated user \u2014 including those with the Subscriber role \u2014 can install and activate additional Doppler Forms WordPress plugin through 2.5.1 (limited to those whitelisted by the main Doppler Forms WordPress plugin through 2.5.1)."}], "references": [{"url": "https://wpscan.com/vulnerability/06312fba-dfc5-47af-afe3-b01d8941acbf/", "tags": ["exploit", "vdb-entry", "technical-description"]}], "credits": [{"lang": "en", "value": "Khaled Alenazi (Nxploited)", "type": "finder"}, {"lang": "en", "value": "WPScan", "type": "coordinator"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "WPScan CVE Generator"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-10-29T13:50:04.334477Z", "id": "CVE-2025-9544", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-29T13:51:20.351Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-9544", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-29T13:50:04.334477Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-29T13:51:11.413Z"}}], "cna": {"title": "Doppler Forms <= 2.5.1 - Subscriber+ Limited Plugin Installation", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Khaled Alenazi (Nxploited)"}, {"lang": "en", "type": "coordinator", "value": "WPScan"}], "affected": [{"vendor": "Unknown", "product": "Doppler Forms", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "2.5.1"}], "defaultStatus": "affected"}], "references": [{"url": "https://wpscan.com/vulnerability/06312fba-dfc5-47af-afe3-b01d8941acbf/", "tags": ["exploit", "vdb-entry", "technical-description"]}], "x_generator": {"engine": "WPScan CVE Generator"}, "descriptions": [{"lang": "en", "value": "The Doppler Forms WordPress plugin through 2.5.1 registers an AJAX action install_extension without verifying user capabilities or using a nonce. As a result, any authenticated user \u2014 including those with the Subscriber role \u2014 can install and activate additional Doppler Forms WordPress plugin through 2.5.1 (limited to those whitelisted by the main Doppler Forms WordPress plugin through 2.5.1)."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2025-10-29T06:00:06.910Z"}}}, "cveMetadata": {"cveId": "CVE-2025-9544", "state": "PUBLISHED", "dateUpdated": "2025-10-29T13:51:20.351Z", "dateReserved": "2025-08-27T13:52:12.254Z", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "datePublished": "2025-10-29T06:00:06.910Z", "assignerShortName": "WPScan"}, "dataVersion": "5.1"}