5 matches found
CVE-2025-3810
The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.2. This is due to the plugin not properly validating a user's identity prior to updating their details like password and email through the editprofiledata functio...
CVE-2025-3810
creationtimestamp| type| source ---|---|--- 2025-05-09 02:25:32+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/15657 2025-05-09 04:41:34+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lopmeep5sp2o 2025-05-09 05:01:06+00:00| seen|...
CVE-2025-3810
CVE-2025-3810 (WPBookit, WordPress) is an unauthenticated privilege-escalation vulnerability caused by improper validation in the edit_profile_data() path, enabling attackers to modify any user’s email or password (including admins) and take over accounts. Connected sources confirm the issue affe...
CVE-2025-3810 WPBookit <= 1.0.2 - Insecure Direct Object Reference to Unauthenticated Privilege Escalation via Account Takeover
The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.2. This is due to the plugin not properly validating a user's identity prior to updating their details like password and email through the editprofiledata functio...
CVE-2025-3810 WPBookit <= 1.0.2 - Insecure Direct Object Reference to Unauthenticated Privilege Escalation via Account Takeover
The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.2. This is due to the plugin not properly validating a user's identity prior to updating their details like password and email through the editprofiledata functio...