Medium severity5.3NVD Advisory· Published Oct 25, 2025· Updated Apr 15, 2026

CVE-2025-10694

Description

The User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the maybe_load_onboarding_wizard function in all versions up to, and including, 1.8.0. This makes it possible for unauthenticated attackers to access the onboarding wizard page and view configuration information including the administrator email address.

Affected products

WordPress/Userfeedback Liteinferred
Range: <=1.8.0
Package: https://wordpress.org/plugins/userfeedback-lite
WordPress/User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Secondsllm-create
Range: <=1.8.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.345
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000