cleantalk
Vulnerabilities and Security Researches

GB Forms DB, CVE-2025-5392

CVE, Research URL

CVE-2025-5392

Home page URL

Security reports for GB Forms DB

Application

GB Forms DB

Published on
Jul 11, 2025
Research Description
The GB Forms DB plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.2 via the gbfdb_talk_to_front() function. This is due to the function accepting user input and then passing that through call_user_func(). This makes it possible for unauthenticated attackers to execute code on the server which can be leverage to inject backdoors or create new administrative user accounts to name a few things.
Affected versions
Min -, max 1.0.3.
Status
vulnerable
Previous vulnerability researches
WordPress Report Brute Force Attacks and Login Protection ReportAttacks Plugins (CVE-2025-2250) , Mar 13, 2025
New vulnerability
WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible (CVE-2025-3780) , Jul 12, 2025
Lana Downloads Manager (CVE-2025-7387) , Jul 12, 2025
Internal Linking of Related Contents (CVE-2025-49884) , Jul 12, 2025
Sharable Password Protected Posts (CVE-2025-5920) , Jul 12, 2025
Friends (CVE-2025-7504) , Jul 12, 2025