Vulnerabilities and security researches forgb-forms-db gb-forms-db

Jul 12, 2025

CVE, Research URL: CVE-2025-5392
Home page URL: Security reports for GB Forms DB
Application: GB Forms DB
Date: Jul 11, 2025
Research Description: The GB Forms DB plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.2 via the gbfdb_talk_to_front() function. This is due to the function accepting user input and then passing that through call_user_func(). This makes it possible for unauthenticated attackers to execute code on the server which can be leverage to inject backdoors or create new administrative user accounts to name a few things.
Affected versions: Min -, max -.
Status: vulnerable