CVE-2025-69015

LOW

Automattic Crowdsignal Forms <1.7.3 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-69015. PoCs published by Sudo-WP.

AI-analyzed exploit summary This repository is a security-hardened fork of the Crowdsignal Forms plugin, addressing CVE-2025-69015, a critical Missing Authorization vulnerability. It includes detailed security documentation, audit results, and patch information but does not contain exploit code.

Description

Missing Authorization vulnerability in Automattic Crowdsignal Forms crowdsignal-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Crowdsignal Forms: from n/a through <= 1.7.2.

Exploits (1)

nomisec WRITEUP
by Sudo-WP · poc
https://github.com/Sudo-WP/sudowp-crowdsignal-forms

This repository is a security-hardened fork of the Crowdsignal Forms plugin, addressing CVE-2025-69015, a critical Missing Authorization vulnerability. It includes detailed security documentation, audit results, and patch information but does not contain exploit code.

Classification
Writeup 100%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: Crowdsignal Forms plugin versions <= 1.7.2
Auth required
Prerequisites: Authenticated user access to WordPress · Crowdsignal Forms plugin version <= 1.7.2 installed
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (1)

Core 1

Scores

CVSS v3 3.8
EPSS 0.0032
EPSS Percentile 23.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-862
Status published
Products (2)
Automattic/Crowdsignal Forms < 1.7.2
Automattic/Crowdsignal Forms < <= 1.7.2
Published Dec 30, 2025
Tracked Since Feb 18, 2026