Lucene search
+L

5 matches found

NVD
NVD
added 2025/05/09 3:15 a.m.14 views

CVE-2025-3811

The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.2. This is due to the plugin not properly validating a user's identity prior to updating their details like email through the editnewdatacustomercallback function...

9.8CVSS0.00634EPSS
Exploits0References2
Circl
Circl
added 2025/05/09 2:25 a.m.19 views

CVE-2025-3811

creationtimestamp| type| source ---|---|--- 2025-05-09 02:25:31+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/15656 2025-05-09 04:41:37+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lopmefntwq2p 2025-05-09 05:01:06+00:00| seen|...

9.8CVSS8.7AI score0.00634EPSS
Exploits0References4
CVE
CVE
added 2025/05/09 1:42 a.m.67 views

CVE-2025-3811

CVE-2025-3811 (WPBookit) affects the WordPress plugin WPBookit in all versions up to 1.0.2. The issue is an authentication/identity validation flaw in edit_newdata_customer_callback() that allows an unauthenticated attacker to change arbitrary users’ emails (including administrators), enabling pa...

9.8CVSS9.8AI score0.00634EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/05/09 1:42 a.m.20 views

CVE-2025-3811 WPBookit <= 1.0.2 - Insecure Direct Object Reference to Unauthenticated Privilege Escalation via Email Update

The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.2. This is due to the plugin not properly validating a user's identity prior to updating their details like email through the editnewdatacustomercallback function...

9.8CVSS0.00634EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/05/09 1:42 a.m.10 views

CVE-2025-3811 WPBookit <= 1.0.2 - Insecure Direct Object Reference to Unauthenticated Privilege Escalation via Email Update

The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.2. This is due to the plugin not properly validating a user's identity prior to updating their details like email through the editnewdatacustomercallback function...

9.8CVSS9.8AI score0.00634EPSS
Exploits0References2
Rows per page
Query Builder