Platform: wordpress
Component: gb-forms-db
Fixed in: 1.0.3
CVE-2025-5392 represents a critical Remote Code Execution (RCE) vulnerability discovered in the GB Forms DB plugin for WordPress. This flaw allows unauthenticated attackers to execute arbitrary code on the server, leading to complete system compromise. The vulnerability affects versions 1.0.0 through 1.0.2, and a patch is available in version 1.0.3.
The impact of CVE-2025-5392 is severe. Successful exploitation allows an attacker to execute arbitrary code on the WordPress server with the privileges of the web server user. This could lead to complete website takeover, data exfiltration, malware installation, and defacement. An attacker could inject malicious code to steal sensitive user data, including login credentials and personal information. Furthermore, they could create new administrative user accounts, granting them persistent access to the system. The lack of authentication required for exploitation significantly broadens the attack surface, making it accessible to a wide range of threat actors.
CVE-2025-5392 was publicly disclosed on 2025-07-11. Public proof-of-concept (PoC) code is likely to emerge quickly due to the vulnerability's ease of exploitation. The CVSS score of 9.8 indicates a critical severity, suggesting a high probability of exploitation. It is recommended to prioritize patching this vulnerability to prevent potential compromise. The vulnerability is not currently listed on CISA KEV as of this writing.
Exploit Status
EPSS: 0.64% (70th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-5392 is to upgrade the GB Forms DB plugin to version 1.0.3 or later immediately. If upgrading is not immediately feasible because of compatibility issues or breaking changes, temporarily disable the GB Forms DB plugin. As a short-term workaround, apply strict input validation to the gbfdb_talk_to_front() function so that user-supplied data is sanitized before use. Web Application Firewall (WAF) rules can be configured to block requests carrying suspicious payloads aimed at this function. Monitor WordPress and web server logs for unusual activity or exploitation attempts. After upgrading, confirm the fix in a test environment by sending the previously vulnerable function the kind of input it used to accept unsanitized; it should now be properly sanitized.
Update the GB Forms DB plugin to version 1.0.3 or higher to mitigate the Remote Code Execution vulnerability. This update addresses how the gbfdb_talk_to_front() function handles user input, preventing unauthorized code execution.
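A defender-side check that the installed plugin version is outside the affected range stated above, as an added example that is not code from the advisory or from the GB Forms DB plugin; it assumes the standard WordPress layout of a gb-forms-db directory under wp-content/plugins whose main .php file carries a "Plugin Name:" / "Version:" header.

```python
"""Defender-side version check for CVE-2025-5392 in the GB Forms DB plugin.
Affected range, fix version and the gb-forms-db slug come from the advisory;
the standard WordPress plugin header layout is assumed."""
import re
from pathlib import Path
from typing import Optional

PLUGIN_SLUG = "gb-forms-db"
AFFECTED_MIN = (1, 0, 0)   # first affected version per the advisory
FIXED_IN = (1, 0, 3)       # patched release per the advisory

# Constructed sample of a plugin header in the WordPress format (not the real file).
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: GB Forms DB
 * Version: 1.0.2
 */
"""

def parse_version(text: str) -> tuple:
    """Convert '1.0.2' (or '1.0.2-rc1', suffix ignored) into a comparable tuple;
    missing components are zero-padded so '1.0' equals '1.0.0'."""
    parts = text.strip().split("-", 1)[0].split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * max(0, 3 - len(nums))

def version_from_header(header: str) -> str:
    """Pull the 'Version:' field out of a WordPress plugin header comment."""
    m = re.search(r"^\s*\*?\s*Version:\s*(\S+)", header, re.MULTILINE)
    if not m:
        raise ValueError("no Version: field found in plugin header")
    return m.group(1)

def is_affected(version: str) -> bool:
    """True when the installed version lies in [1.0.0, 1.0.3), i.e. is unpatched."""
    return AFFECTED_MIN <= parse_version(version) < FIXED_IN

def find_installed_version(plugins_dir: str) -> Optional[str]:
    """Read the declared version of gb-forms-db under wp-content/plugins; None if absent."""
    root = Path(plugins_dir) / PLUGIN_SLUG
    if not root.is_dir():
        return None
    for php in sorted(root.glob("*.php")):
        head = php.read_text(errors="ignore")[:8192]  # header sits at the top of the file
        if "Plugin Name:" in head:
            return version_from_header(head)
    return None
```

Point find_installed_version() at the site's wp-content/plugins directory; a version in the affected range means the upgrade to 1.0.3 has not taken effect on that install.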
CVE-2025-5392 is a critical Remote Code Execution vulnerability in the GB Forms DB WordPress plugin, allowing attackers to execute code on the server.
You are affected if you are using GB Forms DB versions 1.0.0 through 1.0.2. Check your plugin version and upgrade immediately.
Upgrade the GB Forms DB plugin to version 1.0.3 or later. If upgrading is not possible, disable the plugin temporarily.
While no active exploitation has been confirmed, the vulnerability's severity and ease of exploitation suggest a high likelihood of exploitation.
Refer to the GB Forms official website and WordPress plugin repository for the latest advisory and update information.