Vulnerabilities and security researches fordoppler-form doppler-form

Apr 05, 2025

CVE, Research URL: CVE-2025-32165
Home page URL: Security reports for Doppler Forms
Application: Doppler Forms
Date: Apr 04, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fromdoppler Doppler Forms allows Stored XSS. This issue affects Doppler Forms: from n/a through 2.4.5.
Affected versions: max 2.4.5.
Status: vulnerable

Apr 11, 2025

CVE, Research URL: CVE-2025-32667
Home page URL: Security reports for Doppler Forms
Application: Doppler Forms
Date: Apr 09, 2025
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in fromdoppler Doppler Forms allows Stored XSS. This issue affects Doppler Forms: from n/a through 2.4.5.
Affected versions: max 2.4.5.
Status: vulnerable

Apr 17, 2025

CVE, Research URL: CVE-2025-32620
Home page URL: Security reports for Doppler Forms
Application: Doppler Forms
Date: -
Research Description: Doppler Forms [doppler-form] <= 2.4.5 (unfixed) CVE-2025-32620
Affected versions: max 2.4.5.
Status: vulnerable

Apr 27, 2026

CVE, Research URL: CVE-2025-9544
Home page URL: Security reports for Doppler Forms
Application: Doppler Forms
Date: Oct 29, 2025
Research Description: The Doppler Forms WordPress plugin through 2.5.1 registers an AJAX action install_extension without verifying user capabilities or using a nonce. As a result, any authenticated user — including those with the Subscriber role — can install and activate additional Doppler Forms WordPress plugin through 2.5.1 (limited to those whitelisted by the main Doppler Forms WordPress plugin through 2.5.1).
Affected versions: max 2.6.0.
Status: vulnerable