{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-8420", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-07-31T14:35:50.620Z", "datePublished": "2025-08-06T02:24:12.120Z", "dateUpdated": "2026-04-08T16:56:28.904Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:56:28.904Z"}, "affected": [{"vendor": "emarket-design", "product": "Campus Directory \u2013 Faculty, Staff & Student Directory Plugin for WordPress", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.9.2", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "emarket-design", "product": "Request a Quote Form Plugin \u2013 Price Quote Request Management Made Easy", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.5.2", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "emarket-design", "product": "Video Gallery \u2013 YouTube Gallery & Responsive Video Playlist", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "3.5.2", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "emarket-design", "product": "Simple Contact Form Plugin for WordPress \u2013 WP Easy Contact", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "4.0.2", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "emarket-design", "product": "Event RSVP and Simple Event Management Plugin", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "4.2.1", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "cyberlord92", "product": "Employee Directory \u2013 Staff Directory and Listing", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "4.5.2", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "emarket-design", "product": "Project Management, Bug and Issue Tracking Plugin \u2013 Software Issue Manager", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "5.0.0", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "emarket-design", "product": "Customer Support Ticket System & Helpdesk Plugin for WordPress", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "6.0.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Multiple plugins for WordPress by emarket-design with the 'emd-form-builder-lite' package are vulnerable to Remote Code Execution in various versions via the emd_form_builder_lite_pagenum function. This is due to the plugin not properly validating user input before using it as a function name. This makes it possible for unauthenticated attackers to execute code on the server, however, parameters can not be passed to the functions called"}], "title": "Multiple Plugins by emarket-design <= Multiple Versions - Unauthenticated Limited Remote Code Execution", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/601aa2b5-aeac-49bc-960d-4b4ff83e9229?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3338854%40request-a-quote&new=3338854%40request-a-quote&sfp_email=&sfph_mail="}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3340992%40software-issue-manager&new=3340992%40software-issue-manager&sfp_email=&sfph_mail="}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3341064%40wp-ticket&new=3341064%40wp-ticket&sfp_email=&sfph_mail="}, {"url": "https://plugins.trac.wordpress.org/changeset/3346435/"}, {"url": "https://plugins.trac.wordpress.org/changeset/3346460/"}, {"url": "https://plugins.trac.wordpress.org/changeset/3347084/"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3348220%40wp-easy-events&new=3348220%40wp-easy-events&sfp_email=&sfph_mail="}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3365190%40youtube-showcase&new=3365190%40youtube-showcase&sfp_email=&sfph_mail="}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", "cweId": "CWE-95", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.1, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Michael Mazzolini"}, {"lang": "en", "type": "finder", "value": "Youcef Hamdani"}], "timeline": [{"time": "2025-07-31T14:51:03.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2025-08-05T13:47:52.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-06T13:36:13.606539Z", "id": "CVE-2025-8420", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-06T13:36:32.676Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-8420", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-08-06T13:36:13.606539Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-06T13:36:24.370Z"}}], "cna": {"title": "Multiple Plugins by emarket-design <= Multiple Versions - Unauthenticated Limited Remote Code Execution", "credits": [{"lang": "en", "type": "finder", "value": "Michael Mazzolini"}, {"lang": "en", "type": "finder", "value": "Youcef Hamdani"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "emarket-design", "product": "Campus Directory \u2013 Faculty, Staff & Student Directory Plugin for WordPress", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.9.2"}], "defaultStatus": "unaffected"}, {"vendor": "emarket-design", "product": "Request a Quote Form Plugin \u2013 Price Quote Request Management Made Easy", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "2.5.2"}], "defaultStatus": "unaffected"}, {"vendor": "emarket-design", "product": "Video Gallery \u2013 YouTube Gallery & Responsive Video Playlist", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "3.5.2"}], "defaultStatus": "unaffected"}, {"vendor": "emarket-design", "product": "Simple Contact Form Plugin for WordPress \u2013 WP Easy Contact", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "4.0.2"}], "defaultStatus": "unaffected"}, {"vendor": "emarket-design", "product": "Event RSVP and Simple Event Management Plugin", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "4.2.1"}], "defaultStatus": "unaffected"}, {"vendor": "cyberlord92", "product": "Employee Directory \u2013 Staff Directory and Listing", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "4.5.2"}], "defaultStatus": "unaffected"}, {"vendor": "emarket-design", "product": "Project Management, Bug and Issue Tracking Plugin \u2013 Software Issue Manager", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "5.0.0"}], "defaultStatus": "unaffected"}, {"vendor": "emarket-design", "product": "Customer Support Ticket System & Helpdesk Plugin for WordPress", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "6.0.1"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-07-31T14:51:03.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2025-08-05T13:47:52.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/601aa2b5-aeac-49bc-960d-4b4ff83e9229?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3338854%40request-a-quote&new=3338854%40request-a-quote&sfp_email=&sfph_mail="}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3340992%40software-issue-manager&new=3340992%40software-issue-manager&sfp_email=&sfph_mail="}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3341064%40wp-ticket&new=3341064%40wp-ticket&sfp_email=&sfph_mail="}, {"url": "https://plugins.trac.wordpress.org/changeset/3346435/"}, {"url": "https://plugins.trac.wordpress.org/changeset/3346460/"}, {"url": "https://plugins.trac.wordpress.org/changeset/3347084/"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3348220%40wp-easy-events&new=3348220%40wp-easy-events&sfp_email=&sfph_mail="}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3365190%40youtube-showcase&new=3365190%40youtube-showcase&sfp_email=&sfph_mail="}], "descriptions": [{"lang": "en", "value": "Multiple plugins for WordPress by emarket-design with the 'emd-form-builder-lite' package are vulnerable to Remote Code Execution in various versions via the emd_form_builder_lite_pagenum function. This is due to the plugin not properly validating user input before using it as a function name. This makes it possible for unauthenticated attackers to execute code on the server, however, parameters can not be passed to the functions called"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-95", "description": "CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:56:28.904Z"}}}, "cveMetadata": {"cveId": "CVE-2025-8420", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:56:28.904Z", "dateReserved": "2025-07-31T14:35:50.620Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-08-06T02:24:12.120Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple plugins for WordPress by emarket-design with the 'emd-form-builder-lite' package are vulnerable to Remote Code Execution in various versions via the emd_form_builder_lite_pagenum function. This is due to the plugin not properly validating user input before using it as a function name. This makes it possible for unauthenticated attackers to execute code on the server, however, parameters can not be passed to the functions called"}, {"lang": "es", "value": "El complemento Request a Quote Form para WordPress es vulnerable a la ejecuci\u00f3n remota de c\u00f3digo en versiones anteriores o iguales a la 2.5.2 a trav\u00e9s de la funci\u00f3n emd_form_builder_lite_pagenum. Esto se debe a que el complemento no valida correctamente la entrada del usuario antes de usarla como nombre de funci\u00f3n. Esto permite que atacantes no autenticados ejecuten c\u00f3digo en el servidor; sin embargo, no se pueden pasar par\u00e1metros a las funciones llamadas."}], "id": "CVE-2025-8420", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-08-06T03:15:27.730", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3346435/"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3346460/"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3347084/"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3338854%40request-a-quote&new=3338854%40request-a-quote&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3340992%40software-issue-manager&new=3340992%40software-issue-manager&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3341064%40wp-ticket&new=3341064%40wp-ticket&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3348220%40wp-easy-events&new=3348220%40wp-easy-events&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3365190%40youtube-showcase&new=3365190%40youtube-showcase&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/601aa2b5-aeac-49bc-960d-4b4ff83e9229?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-95"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T03:39:44.547814+00:00", "value": {"mitigation_remediation": ["Update all emarket\u2011design plugins to the latest releases that include the emd\u2011form\u2011builder\u2011lite patch.", "If an update is not feasible, remove or deactivate the emd\u2011form\u2011builder\u2011lite component from the affected plugins to eliminate the vulnerable function.", "Restrict administrative access to the WordPress installation and configure a web application firewall rule to block crafted requests targeting the emd_form_builder_lite_pagenum end\u2011point."], "summary": {"action": "Apply Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The affected products encompass a range of emarket\u2011design WordPress plugins including the Employee Directory, Campus Directory, Customer Support Ticket System, Event RSVP, Project Management, Request a Quote Form, Simple Contact Form, and Video Gallery plug\u2011ins, as well as the cyberlord92 Employee Directory \u2013 Staff Directory and Listing. All versions that bundle the 'emd-form-builder-lite' package are vulnerable; specific version numbers are not supplied in the advisory. Site owners running any of these plugins on a WordPress installation should assume that the components are at risk until patched.", "description_and_impact": "An unauthenticated remote code execution flaw exists in a number of WordPress plugins from emarket\u2011design where the emd_form_builder_lite_pagenum function accepts user input and uses it directly as a callable function name without validation or sanitization. This lack of verification allows an attacker to force the plugin to invoke arbitrary PHP functions on the server, potentially altering application data, reading sensitive files, or loading malicious code. The weakness corresponds to Code Injection (CWE\u201195). Because the vulnerability permits execution without passing arguments, the impact is limited to function calls that do not require parameters, but the ability to execute any permitted function already endangers system integrity.", "risk_and_exploitability": "The CVSS score of 8.1 indicates a high severity vulnerability, while the EPSS score of less than 1% suggests a low current exploitation probability. The issue is not yet listed in the CISA KEV catalog. Attackers can exploit the flaw over the public web interfaces exposed by WordPress, requiring no prior authentication. Because the vulnerable endpoint can be accessed by any user, the risk surface is broad and the potential impact for an attacker is substantial if the site accepts an unexpected function name. Administrators should treat this as a high\u2011risk condition while the fix is applied."}}}}, "created": "2025-08-06T07:50:25.254076+00:00", "updated": "2026-04-21T03:45:27.379028+00:00", "vendors": ["emarketdesign", "emarketdesign$PRODUCT$request_a_quote", "wordpress", "wordpress$PRODUCT$wordpress"]}