RCE in Cyberlord92 Employee Directory – Staff And Listing
CVE-2025-8420
Multiple plugins for WordPress by emarket-design with the 'emd-form-builder-lite' package are vulnerable to Remote Code Execution in various versions via the emd_form_builder_lite_pagenum function. This is due to the plugin not properly va…
EPSS: 0.009 (55.8th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.1 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Cyberlord92 Employee Directory – Staff And Listing — versions 0
- Emarket-design Campus Directory – Faculty, Staff & Student Plugin For Wordpress — versions 0
- Emarket-design Customer Support Ticket System & Helpdesk Plugin For Wordpress — versions 0
- Emarket-design Event Rsvp And Simple Management Plugin — versions 0
- Emarket-design Project Management, Bug And Issue Tracking Plugin – Software Manager — versions 0
- Emarket-design Request A Quote Form Plugin – Price Management Made Easy — versions 0
- Emarket-design Simple Contact Form Plugin For Wordpress – Wp Easy — versions 0
- Emarket-design Video Gallery – Youtube & Responsive Playlist — versions 0
Weakness classification (CWE)
References
Frequently asked questions
- What is CVE-2025-8420?
- CVE-2025-8420 is a high-severity vulnerability in Cyberlord92 Employee Directory – Staff And Listing, classified under Eval Injection. CVSS score: 8.1/10. Published 2025-08-06.
- How severe is CVE-2025-8420?
- High severity. CVSS v3 base score is 8.1 out of 10.