CVE-2025-9544
CVE-2025-9544 affects the Doppler Forms WordPress plugin (versions up to 2.5.1). The issue is an AJAX action install_extension that does not verify user capabilities or use a nonce, enabling any authenticated user (including Subscriber) to install/activate additional Doppler Forms plugins whiteli...