WordPress Doppler Forms plugin < 2.6.0 - Subscriber+ Limited Plugin Installation vulnerability

Subscriber+ Limited Plugin Installation vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin Doppler Forms versions 2.6.0...

CVE-2025-9544 Doppler Forms <= 2.5.1 - Subscriber+ Limited Plugin Installation

The Doppler Forms WordPress plugin through 2.5.1 registers an AJAX action installextension without verifying user capabilities or using a nonce. As a result, any authenticated user — including those with the Subscriber role — can install and activate additional Doppler Forms WordPress plugin...