CVE-2025-6782 is an SQL Injection vulnerability classified under CWE-89, found in the GoZen Forms plugin for WordPress, specifically in all versions up to and including 1.1.5. The vulnerability arises from improper neutralization of special elements in the 'forms-id' parameter within the dirGZActiveForm() function. The plugin fails to properly escape user-supplied input and does not use prepared statements or parameterized queries, allowing attackers to append arbitrary SQL commands to existing queries. This flaw enables unauthenticated remote attackers to execute unauthorized SQL queries against the backend database, potentially extracting sensitive information such as user data, credentials, or other confidential content stored in the database. The vulnerability is remotely exploitable without any authentication or user interaction, increasing its risk profile. The CVSS v3.1 base score is 7.5, reflecting high severity due to the ease of exploitation and the impact on confidentiality. No patches or official fixes are currently linked, and no known exploits have been reported in the wild as of the publication date. The vulnerability affects all versions of the plugin, indicating a need for urgent remediation. Given the widespread use of WordPress and the popularity of form plugins, this vulnerability could be leveraged in targeted attacks or automated scanning campaigns.

The primary impact of CVE-2025-6782 is the unauthorized disclosure of sensitive information stored within the WordPress site's database. Attackers exploiting this vulnerability can extract user credentials, personal data, or other confidential information, leading to privacy violations, identity theft, or further compromise of the affected systems. Although the vulnerability does not directly affect data integrity or availability, the exposure of sensitive data can facilitate subsequent attacks such as phishing, privilege escalation, or lateral movement within an organization's network. Organizations using the GoZen Forms plugin are at risk of data breaches, reputational damage, and potential regulatory penalties depending on the nature of the compromised data. The fact that exploitation requires no authentication or user interaction increases the likelihood of automated exploitation attempts. This vulnerability could be particularly damaging for organizations handling sensitive customer or employee information, including e-commerce sites, healthcare providers, and financial institutions. The lack of known exploits in the wild currently provides a window for proactive mitigation, but the risk remains high due to the ease of exploitation and the critical nature of the data potentially exposed.

To mitigate CVE-2025-6782, organizations should immediately assess their use of the GoZen Forms plugin and upgrade to a patched version once available. In the absence of an official patch, administrators should consider disabling or uninstalling the plugin to eliminate exposure. Implementing Web Application Firewalls (WAFs) with custom rules to detect and block suspicious SQL injection patterns targeting the 'forms-id' parameter can provide interim protection. Conduct thorough input validation and sanitization on all user-supplied data, especially parameters used in database queries. Employ parameterized queries or prepared statements in custom code interacting with the plugin or database to prevent injection attacks. Regularly monitor web server and application logs for unusual query patterns or repeated access attempts to the vulnerable endpoint. Additionally, restrict database user permissions to the minimum necessary to limit the impact of any successful injection. Organizations should also conduct security awareness training for developers and administrators to recognize and remediate injection vulnerabilities. Finally, maintain up-to-date backups and have an incident response plan ready in case of compromise.