CVE-2025-5392P2CRITICALCVSS 9.8≤ 1.0.22025-07-11
CVE-2025-5392 [CRITICAL] CWE-94 CVE-2025-5392: The GB Forms DB plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, a
The GB Forms DB plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.2 via the gbfdb_talk_to_front() function. This is due to the function accepting user input and then passing that through call_user_func(). This makes it possible for unauthenticated attackers to execute code on the server which can be
nvd