CVE-2025-32667: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in fromdoppler Doppler Forms, identified as CVE-2025-32667. The vulnerability affects Doppler Forms versions through 2.4.5 and allows attackers to perform Stored Cross-Site Scripting (XSS) attacks. The vulnerability was discovered by researcher Skalucy and was publicly disclosed on April 9, 2025 (Patchstack).

The vulnerability has been assigned a CVSS v3.1 Base Score of 7.1 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L. The vulnerability is classified under CWE-352 (Cross-Site Request Forgery). This security issue allows unauthenticated attackers to exploit CSRF vulnerabilities that can lead to stored XSS attacks (NVD, Patchstack).

The vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The combination of CSRF with stored XSS capabilities increases the potential impact of successful exploitation (Patchstack).

As of the latest reports, no official fix is available for this vulnerability. The security issue has been assessed as having a low severity impact and is considered unlikely to be exploited (Patchstack).