CVE-2025-9544

Doppler Forms <= 2.5.1 - Subscriber+ Limited Plugin Installation

Description

The Doppler Forms WordPress plugin through 2.5.1 registers an AJAX action install_extension without verifying user capabilities or using a nonce. As a result, any authenticated user — including those with the Subscriber role — can install and activate additional Doppler Forms WordPress plugin through 2.5.1 (limited to those whitelisted by the main Doppler Forms WordPress plugin through 2.5.1).

INFO

Published Date :

2025-10-29T06:00:06.910Z

Last Modified :

2026-04-02T12:39:56.346Z

Source :

WPScan

AFFECTED PRODUCTS

The following products are affected by CVE-2025-9544 vulnerability.

Vendors	Products
Wordpress	Wordpress

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-9544.

URL	Resource
https://wpscan.com/vulnerability/06312fba-dfc5-47af-afe3-b01d8941acbf/

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact