CVE-2025-9544

CVE-2025-9544 affects the Doppler Forms WordPress plugin (versions up to 2.5.1). The issue is an AJAX action install_extension that does not verify user capabilities or use a nonce, enabling any authenticated user (including Subscriber) to install/activate additional Doppler Forms plugins whiteli...

PT-2024-12054 · Unknown · Ladle Dev Server

Name of the Vulnerable Software and Affected Versions: Ladle Dev Server versions 2.5.1 and earlier Description: A Directory Traversal issue allows an attacker on the same network to read files accessible to the user via GET requests. This can be exploited by sending requests to specific API...