Lucene search
+L

5 matches found

nvd
nvd
added 2025/05/09 3:15 a.m.29 views

CVE-2025-3810

The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.2. This is due to the plugin not properly validating a user's identity prior to updating their details like password and email through the editprofiledata functio...

9.8CVSS0.00634EPSS
Exploits0References2
circl
circl
added 2025/05/09 2:25 a.m.15 views

CVE-2025-3810

creationtimestamp| type| source ---|---|--- 2025-05-09 02:25:32+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/15657 2025-05-09 04:41:34+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lopmeep5sp2o 2025-05-09 05:01:06+00:00| seen|...

9.8CVSS8.7AI score0.00634EPSS
Exploits0References4
cve
cve
added 2025/05/09 1:42 a.m.67 views

CVE-2025-3810

CVE-2025-3810 (WPBookit, WordPress) is an unauthenticated privilege-escalation vulnerability caused by improper validation in the edit_profile_data() path, enabling attackers to modify any user’s email or password (including admins) and take over accounts. Connected sources confirm the issue affe...

9.8CVSS9.8AI score0.00634EPSS
Exploits0References2Affected Software1
vulnrichment
vulnrichment
added 2025/05/09 1:42 a.m.8 views

CVE-2025-3810 WPBookit <= 1.0.2 - Insecure Direct Object Reference to Unauthenticated Privilege Escalation via Account Takeover

The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.2. This is due to the plugin not properly validating a user's identity prior to updating their details like password and email through the editprofiledata functio...

9.8CVSS9.8AI score0.00634EPSS
Exploits0References2
cvelist
cvelist
added 2025/05/09 1:42 a.m.22 views

CVE-2025-3810 WPBookit <= 1.0.2 - Insecure Direct Object Reference to Unauthenticated Privilege Escalation via Account Takeover

The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.2. This is due to the plugin not properly validating a user's identity prior to updating their details like password and email through the editprofiledata functio...

9.8CVSS0.00634EPSS
Exploits0References2
Rows per page
Query Builder