CVE-2025-11889 | AIO Forms Plugin up to 1.3.15 on WordPress ZIP Import unrestricted upload

October 24, 2025 Yanac

A vulnerability was found in AIO Forms Plugin up to 1.3.15 on WordPress and classified as critical. The impacted element is an unknown function of the component ZIP Import. Such manipulation leads to unrestricted upload.

This vulnerability is uniquely identified as CVE-2025-11889. The attack can be launched remotely. No exploit exists.VulDB Recent EntriesRead More

CVE-2025-10901 | Originality.ai AI Checker Plugin up to 1.0.12 on WordPress ai_get_table authorization
CVE-2025-11992 | Multi Item Responsive Slider Plugin up to 1.0 on WordPress Setting mioptions.php cross-site request forgery