Critical RCE in GB Forms DB Plugin (CVE-2025-5392) Threatens WordPress Sites

A critical remote code execution vulnerability (CVE-2025-5392) in the GB Forms DB WordPress plugin allows attackers to execute arbitrary code, posing severe risks to site security.
CVE Analysis

ZeroPath Security Research

2025-07-10

Introduction

WordPress site administrators face a critical threat as a severe remote code execution vulnerability, CVE-2025-5392, has been discovered in the GB Forms DB plugin. This flaw allows attackers to execute arbitrary code without authentication, posing an immediate and significant risk to website security and data integrity.

Technical Information

The vulnerability specifically affects the gbfdb_talk_to_front() function in the GB Forms DB plugin, located in core/functions.php. The function improperly uses PHP's call_user_func() with unsanitized user input, allowing attackers to execute arbitrary PHP functions. The vulnerable code snippet is as follows:

function gbfdb_talk_to_front() {
    // All three values come straight from the request, with no authentication,
    // nonce check or validation applied.
    $class  = $_REQUEST['class'];
    $func   = $_REQUEST['func'];
    $params = $_REQUEST['params'];
    // The callable (class, method) and its argument are fully attacker-controlled.
    call_user_func(array($class, $func), $params);
}

Attackers exploit this vulnerability by sending crafted HTTP POST requests to the admin-ajax.php endpoint, specifying malicious parameters to invoke dangerous PHP functions such as system(). This enables attackers to execute operating system commands, install web shells, or escalate privileges.

Patch Information

The GB Forms DB plugin for WordPress has addressed this critical security vulnerability in version 1.0.2. The update implements proper authentication checks and input validation, ensuring only authenticated users with appropriate permissions can access and execute certain functions. Input data is now thoroughly sanitized and validated, effectively mitigating the risk of unauthorized remote code execution.
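As an added example (not the plugin's own 1.0.2 patch), the handler below shows how the pattern described above can be hardened: a nonce and capability check so the endpoint is no longer reachable unauthenticated, identifier validation, and an allowlist of known callables in place of an open call_user_func(). The class, method, nonce and hook names are assumptions; the WordPress helpers used (check_ajax_referer, current_user_can, wp_unslash, sanitize_text_field, wp_send_json_*) are standard core functions.

```php
<?php
// Added example, not the plugin's own 1.0.2 code. Class, method, nonce
// and hook names are assumptions chosen for illustration.

// Allowlist of the only (class => methods) pairs the front end may invoke.
const GBFDB_ALLOWED_CALLS = array(
    'GBFDB_Entries' => array( 'list_entries', 'count_entries' ),
);

function gbfdb_talk_to_front_hardened() {
    // Authentication: valid nonce and a logged-in user with a suitable
    // capability. check_ajax_referer() dies on a bad or missing nonce.
    check_ajax_referer( 'gbfdb_front_nonce', 'nonce' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // Input validation: identifiers must look like identifiers.
    $class = isset( $_REQUEST['class'] ) ? wp_unslash( $_REQUEST['class'] ) : '';
    $func  = isset( $_REQUEST['func'] )  ? wp_unslash( $_REQUEST['func'] )  : '';
    if ( ! is_string( $class ) || ! is_string( $func )
        || ! preg_match( '/^[A-Za-z0-9_]{1,64}$/', $class )
        || ! preg_match( '/^[A-Za-z0-9_]{1,64}$/', $func ) ) {
        wp_send_json_error( 'bad request', 400 );
    }

    // Allowlist: the request may only select from known callables, so a
    // name such as "system" never reaches call_user_func().
    if ( ! isset( GBFDB_ALLOWED_CALLS[ $class ] )
        || ! in_array( $func, GBFDB_ALLOWED_CALLS[ $class ], true )
        || ! method_exists( $class, $func ) ) {
        wp_send_json_error( 'not allowed', 400 );
    }

    // Parameters: accept only a flat list of scalars, sanitised as text.
    $raw    = isset( $_REQUEST['params'] ) ? wp_unslash( $_REQUEST['params'] ) : array();
    $params = array();
    foreach ( (array) $raw as $value ) {
        if ( is_scalar( $value ) ) {
            $params[] = sanitize_text_field( (string) $value );
        }
    }

    wp_send_json_success( call_user_func( array( $class, $func ), $params ) );
}

// Registered only for authenticated users (no wp_ajax_nopriv_ hook).
add_action( 'wp_ajax_gbfdb_talk_to_front', 'gbfdb_talk_to_front_hardened' );
```

Because wp_send_json_error() terminates the request, each failed check stops execution before the callable is ever resolved.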

Affected Systems and Versions

The vulnerability affects all versions of the GB Forms DB plugin up to and including version 1.0.2. Users running these versions are vulnerable to remote code execution attacks and should update immediately.

Vendor Security History

The GB Forms DB plugin has no previously documented CVEs, but the critical nature of CVE-2025-5392 highlights significant gaps in security practices. The vendor's response to this vulnerability will be critical in determining their commitment to security moving forward.

Source: This report was created using AI
