CVE-2025-5392

The GB Forms DB plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.2 via the gbfdbtalktofront function. This is due to the function accepting user input and then passing that through calluserfunc. This makes it possible for unauthenticated...

CVE-2025-5392

GB Forms DB plugin for WordPress ≤ 1.0.2 is vulnerable to unauthenticated remote code execution via gbfdb_talk_to_front() which passes user input to call_user_func, enabling attackers to execute code, inject backdoors, or create admin accounts. This is a critical flaw (CVSS v3.1: 9.8). Remediatio...

CVE-2025-5392 GB Forms DB <= 1.0.2 - Unauthenticated Remote Code Execution

The GB Forms DB plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.2 via the gbfdbtalktofront function. This is due to the function accepting user input and then passing that through calluserfunc. This makes it possible for unauthenticated...

PT-2025-29211 · WordPress · Gb Forms Db

Name of the Vulnerable Software and Affected Versions: GB Forms DB plugin for WordPress versions up to and including 1.0.2 Description: The GB Forms DB plugin for WordPress is susceptible to Remote Code Execution via the gbfdb talk to front function. The function accepts user input and passes it...