← volver
CVE-2025-8420

Multiple Plugins by emarket-design <= Multiple Versions - Unauthenticated Limited Remote Code Execution

CVSS 8.1 HIGHEPSS 0.9%CWE-95
Multiple plugins for WordPress by emarket-design with the 'emd-form-builder-lite' package are vulnerable to Remote Code Execution in various versions via the emd_form_builder_lite_pagenum function. This is due to the plugin not properly validating user input before using it as a function name. This makes it possible for unauthenticated attackers to execute code on the server, however, parameters can not be passed to the functions called
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Productos afectados
cyberlord92 · Employee Directory – Staff Directory and Listingemarket-design · Campus Directory – Faculty, Staff & Student Directory Plugin for WordPressemarket-design · Customer Support Ticket System & Helpdesk Plugin for WordPressemarket-design · Event RSVP and Simple Event Management Pluginemarket-design · Project Management, Bug and Issue Tracking Plugin – Software Issue Manageremarket-design · Request a Quote Form Plugin – Price Quote Request Management Made Easyemarket-design · Simple Contact Form Plugin for WordPress – WP Easy Contactemarket-design · Video Gallery – YouTube Gallery & Responsive Video Playlist

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://plugins.trac.wordpress.org/changeset/3346435/https://plugins.trac.wordpress.org/changeset/3346460/https://plugins.trac.wordpress.org/changeset/3347084/https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3338854%40request-a-quote&new=3338854%40request-a-quote&sfp_email=&sfph_mail=https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3340992%40software-issue-manager&new=3340992%40software-issue-manager&sfp_email=&sfph_mail=https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3341064%40wp-ticket&new=3341064%40wp-ticket&sfp_email=&sfph_mail=https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3348220%40wp-easy-events&new=3348220%40wp-easy-events&sfp_email=&sfph_mail=https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3365190%40youtube-showcase&new=3365190%40youtube-showcase&sfp_email=&sfph_mail=https://www.wordfence.com/threat-intel/vulnerabilities/id/601aa2b5-aeac-49bc-960d-4b4ff83e9229?source=cve