VYPR

Doppler Forms

by WordPress

CVEs (1)

  • CVE-2025-9544MedOct 29, 2025
    risk 0.42cvss 6.5epss 0.00

    The Doppler Forms WordPress plugin through 2.5.1 registers an AJAX action install_extension without verifying user capabilities or using a nonce. As a result, any authenticated user — including those with the Subscriber role — can install and activate additional Doppler…