Critical severity9.8NVD Advisory· Published Jul 11, 2025· Updated Apr 15, 2026
CVE-2025-5392
CVE-2025-5392
Description
The GB Forms DB plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.2 via the gbfdb_talk_to_front() function. This is due to the function accepting user input and then passing that through call_user_func(). This makes it possible for unauthenticated attackers to execute code on the server which can be leverage to inject backdoors or create new administrative user accounts to name a few things.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<=1.0.2+ 1 more
- (no CPE)range: <=1.0.2
- (no CPE)range: <=1.0.2
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.