🔐 CVE Alert

CVE-2025-8420

HIGH 8.1

Multiple Plugins by emarket-design <= Multiple Versions - Unauthenticated Limited Remote Code Execution

CVSS Score
8.1
EPSS Score
0.0%
EPSS Percentile
0th

Multiple plugins for WordPress by emarket-design with the 'emd-form-builder-lite' package are vulnerable to Remote Code Execution in various versions via the emd_form_builder_lite_pagenum function. This is due to the plugin not properly validating user input before using it as a function name. This makes it possible for unauthenticated attackers to execute code on the server, however, parameters can not be passed to the functions called

CWE CWE-95
Vendor emarket-design
Product campus directory – faculty, staff & student directory plugin for wordpress
Published Aug 6, 2025
Last Updated Apr 8, 2026
Stay Ahead of the Next One

Get instant alerts for emarket-design campus directory – faculty, staff & student directory plugin for wordpress

Be the first to know when new high vulnerabilities affecting emarket-design campus directory – faculty, staff & student directory plugin for wordpress are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

emarket-design / Campus Directory – Faculty, Staff & Student Directory Plugin for WordPress
0 ≤ 1.9.2
emarket-design / Request a Quote Form Plugin – Price Quote Request Management Made Easy
0 ≤ 2.5.2
emarket-design / Video Gallery – YouTube Gallery & Responsive Video Playlist
0 ≤ 3.5.2
emarket-design / Simple Contact Form Plugin for WordPress – WP Easy Contact
0 ≤ 4.0.2
emarket-design / Event RSVP and Simple Event Management Plugin
0 ≤ 4.2.1
cyberlord92 / Employee Directory – Staff Directory and Listing
0 ≤ 4.5.2
emarket-design / Project Management, Bug and Issue Tracking Plugin – Software Issue Manager
0 ≤ 5.0.0
emarket-design / Customer Support Ticket System & Helpdesk Plugin for WordPress
0 ≤ 6.0.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/601aa2b5-aeac-49bc-960d-4b4ff83e9229?source=cve plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3338854%40request-a-quote&new=3338854%40request-a-quote&sfp_email=&sfph_mail= plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3340992%40software-issue-manager&new=3340992%40software-issue-manager&sfp_email=&sfph_mail= plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3341064%40wp-ticket&new=3341064%40wp-ticket&sfp_email=&sfph_mail= plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset/3346435/ plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset/3346460/ plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset/3347084/ plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3348220%40wp-easy-events&new=3348220%40wp-easy-events&sfp_email=&sfph_mail= plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3365190%40youtube-showcase&new=3365190%40youtube-showcase&sfp_email=&sfph_mail=

Credits

Michael Mazzolini Youcef Hamdani