CVE-2025-3848

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-3848
The Download Manager and Payment Form WordPress Plugin – WP SmartPay plugin for WordPress is vulnerable to privilege escalation via account takeover in versions 1.1.0 to 2.7.13. This is due to the plugin not properly validating a user's identity prior to updating their email through the update() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://plugins.trac.wordpress.org/browser/smartpay/tags/2.7.13/app/Http/Controllers/Rest/CustomerController.php#L51
https://www.wordfence.com/threat-intel/vulnerabilities/id/c197e26f-745b-481a-a7b5-79d1211c02ea?source=cve
Configurations

No configuration.

History

03 Jul 2025, 15:14

Type Values Removed Values Added
Summary
  • (es) El complemento Download Manager and Payment Form WordPress Plugin – WP SmartPay de WordPress es vulnerable a la escalada de privilegios mediante el robo de cuenta en las versiones 1.1.0 a 2.7.13. Esto se debe a que el complemento no valida correctamente la identidad del usuario antes de actualizar su correo electrónico mediante la función update(). Esto permite a atacantes autenticados, con acceso de suscriptor o superior, cambiar las direcciones de correo electrónico de cualquier usuario, incluyendo administradores, y aprovechar esta situación para restablecer la contraseña del usuario y acceder a su cuenta.

02 Jul 2025, 04:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-07-02 04:15

Updated : 2025-07-03 15:14

NVD link : CVE-2025-3848

Mitre link : CVE-2025-3848

CVE.ORG link : CVE-2025-3848

JSON object : View

Products Affected

No product.

CWE
CWE-639

Authorization Bypass Through User-Controlled Key