Vulnerabilities and security researches forall-in-one-forms all-in-one-forms

Nov 11, 2025

CVE, Research URL: CVE-2025-11889
Home page URL: Security reports for AIO Forms – Your #1 companion for those difficult forms
Application: AIO Forms – Your #1 companion for those difficult forms
Date: Oct 24, 2025
Research Description: The AIO Forms – Craft Complex Forms Easily plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import functionality in all versions up to, and including, 1.3.15. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Affected versions: max 1.3.15.
Status: vulnerable