CVE-2025-3851
CVE-2025-3851 affects the WordPress plug‑in WP SmartPay (Download Manager and Payment Form) . The issue is an Insecure Direct Object Reference in the show() function caused by missing validation on a user‑controlled key, which could allow an authenticated attacker with Subscriber+ privileges to v...