CVE-2025-8483: 
WordPress vulnerability analysis and mitigation

The Discussion Board – WordPress Forum Plugin for WordPress contains a vulnerability to arbitrary shortcode execution in versions up to and including 2.5.5. The vulnerability was discovered and disclosed on October 24, 2025, and was assigned CVE-2025-8483. This security issue affects the plugin's functionality that handles user input validation before executing shortcodes (NVD).

The vulnerability stems from improper validation of user input before executing the do_shortcode function. The issue has been assigned a CVSS v3.1 base score of 6.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L. The vulnerability is classified as CWE-94 (Improper Control of Generation of Code) (NVD, Tenable).

The vulnerability allows authenticated attackers with Subscriber-level access or higher to execute arbitrary shortcodes on the affected WordPress installations. This could potentially lead to unauthorized actions and compromise of website functionality (NVD).

The vulnerability has been patched in version 2.5.6 of the Discussion Board plugin, released on October 22, 2025. Users are advised to update to this latest version to protect their installations. The update includes specific fixes for the authenticated arbitrary shortcode execution vulnerability (WordPress Changelog).