CVE-2025-8483 Discussion Board – WordPress Forum Plugin <= 2.5.5 - Authenticated (Subscriber+) Arbitrary Shortcode Execution

🗓️ 25 Oct 2025 06:49:23Reported by WordfenceType

Authenticated subscribers can trigger arbitrary shortcodes in the Discussion Board plugin up to 2.5.5.

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2025-8483	25 Oct 202510:51	–	circl
CNNVD	WordPress plugin Discussion Board - WordPress Forum Plugin Security Vulnerabilities	26 Oct 202500:00	–	cnnvd
CVE	CVE-2025-8483	25 Oct 202506:49	–	cve
EUVD	EUVD-2025-35923	25 Oct 202509:32	–	euvd
NVD	CVE-2025-8483	25 Oct 202507:15	–	nvd
Patchstack	WordPress Discussion Board – WordPress Forum Plugin plugin <= 2.5.5 - Authenticated (Subscriber+) Arbitrary Shortcode Execution vulnerability	25 Oct 202502:55	–	patchstack
Positive Technologies	PT-2025-43727	25 Oct 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-8483	26 Oct 202507:16	–	redhatcve
Vulnrichment	CVE-2025-8483 Discussion Board – WordPress Forum Plugin <= 2.5.5 - Authenticated (Subscriber+) Arbitrary Shortcode Execution	25 Oct 202506:49	–	vulnrichment
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (October 20, 2025 to October 26, 2025)	30 Oct 202516:01	–	wordfence

[
  {
    "vendor": "marketingfire",
    "product": "Discussion Board – WordPress Forum Plugin",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThanOrEqual": "2.5.5",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/a09659bc-e42b-4f08-a1a1-23e226be1be9
plugins	www.plugins.trac.wordpress.org/changeset

08 Apr 2026 17:12Current

CVSS 3.16.3

EPSS0.0022

CWE-94