High severity8.1NVD Advisory· Published Aug 6, 2025· Updated Apr 15, 2026
CVE-2025-8420
CVE-2025-8420
Description
Multiple plugins for WordPress by emarket-design with the 'emd-form-builder-lite' package are vulnerable to Remote Code Execution in various versions via the emd_form_builder_lite_pagenum function. This is due to the plugin not properly validating user input before using it as a function name. This makes it possible for unauthenticated attackers to execute code on the server, however, parameters can not be passed to the functions called
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)
Patches
Vulnerability mechanics
References
9- plugins.trac.wordpress.org/changeset/3346435/nvd
- plugins.trac.wordpress.org/changeset/3346460/nvd
- plugins.trac.wordpress.org/changeset/3347084/nvd
- plugins.trac.wordpress.org/changesetnvd
- plugins.trac.wordpress.org/changesetnvd
- plugins.trac.wordpress.org/changesetnvd
- plugins.trac.wordpress.org/changesetnvd
- plugins.trac.wordpress.org/changesetnvd
- www.wordfence.com/threat-intel/vulnerabilities/id/601aa2b5-aeac-49bc-960d-4b4ff83e9229nvd
News mentions
0No linked articles in our index yet.