High severity8.1NVD Advisory· Published Aug 6, 2025· Updated Apr 15, 2026
CVE-2025-8420
CVE-2025-8420
Description
Multiple plugins for WordPress by emarket-design with the 'emd-form-builder-lite' package are vulnerable to Remote Code Execution in various versions via the emd_form_builder_lite_pagenum function. This is due to the plugin not properly validating user input before using it as a function name. This makes it possible for unauthenticated attackers to execute code on the server, however, parameters can not be passed to the functions called
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
9- plugins.trac.wordpress.org/changeset/3346435/nvd
- plugins.trac.wordpress.org/changeset/3346460/nvd
- plugins.trac.wordpress.org/changeset/3347084/nvd
- plugins.trac.wordpress.org/changesetnvd
- plugins.trac.wordpress.org/changesetnvd
- plugins.trac.wordpress.org/changesetnvd
- plugins.trac.wordpress.org/changesetnvd
- plugins.trac.wordpress.org/changesetnvd
- www.wordfence.com/threat-intel/vulnerabilities/id/601aa2b5-aeac-49bc-960d-4b4ff83e9229nvd
News mentions
0No linked articles in our index yet.