cleantalk
Vulnerabilities and Security Researches

AIO Forms – Your #1 companion for those difficult forms, CVE-2025-11889

CVE, Research URL

CVE-2025-11889

Home page URL

Security reports for AIO Forms – Your #1 companion for those difficult forms

Application

AIO Forms – Your #1 companion for those difficult forms

Published on
Oct 24, 2025
Research Description
The AIO Forms – Craft Complex Forms Easily plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import functionality in all versions up to, and including, 1.3.15. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Affected versions
max 1.3.15.
Status
vulnerable
Previous vulnerability researches
Accordion Slider Lite (CVE-2024-11892) , Jan 12, 2025
New vulnerability
One Page Express Companion (CVE-2025-62052) , Nov 11, 2025
Boldermail – Email Marketing and Newsletters for WordPress (CVE-2025-52740) , Nov 11, 2025
Block Country (CVE-2025-48077) , Nov 11, 2025
Attesa Extra (CVE-2025-62971) , Nov 11, 2025
Content Locker for Elementor (CVE-2025-10896) , Nov 11, 2025