CVE-2025-3810

EPSS 0.57%
Veröffentlicht 09.05.2025 01:42:34
Zuletzt bearbeitet 27.06.2025 17:39:17
Quelle security@wordfence.com
CVE-Watchlists
Login
Unerledigt
Login

WPBookit <= 1.0.2 - Insecure Direct Object Reference to Unauthenticated Privilege Escalation via Account Takeover

The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.2. This is due to the plugin not properly validating a user's identity prior to updating their details like password and email through the edit_profile_data() function. This makes it possible for unauthenticated attackers to change arbitrary user's email addresses and passwords, including administrators, and leverage that to gain access to their account.

Mögliche Gegenmaßnahme

WPBookit: Update to version 1.0.3, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt WPBookit

Version *-1.0.2

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Iqonic ≫ Wpbookit SwEditionfree SwPlatformwordpress Version < 1.0.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.57%	0.682

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security@wordfence.com	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-639 Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

https://www.wordfence.com/threat-intel/vulnerabilities/id/54f1ebfb-67f1-461d-91f1-269b0a2c0653?source=cve

Third Party Advisory

https://plugins.trac.wordpress.org/changeset/3278939/wpbookit/trunk/core/admin/classes/controllers/class.wpb-profile-controller.php

Patch

https://www.wordfence.com/threat-intel/vulnerabilities/id/54f1ebfb-67f1-461d-91f1-269b0a2c0653

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-3810

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-3810

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-3810

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-3810