3 matches found
CVE-2025-3852
creationtimestamp| type| source ---|---|--- 2025-05-07 02:21:36+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/15243 2025-05-07 04:26:15+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lokkl3evr62l 2025-05-07 05:31:29+00:00| seen|...
CVE-2025-3852 WPshop 2 – E-Commerce 2.0.0 - 2.6.0 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover
The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to privilege escalation via account takeover in versions 2.0.0 to 2.6.0. This is due to the plugin not properly validating a user's identity prior to updating their details like email & password through the update function. This makes i...
WordPress WPshop 2 plugin 2.0.0-2.6.0 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover
Authenticated Subscriber+ Privilege Escalation via Account Takeover vulnerability discovered by kr0d in WordPress Plugin WP shop versions 2.0.0-2.6.0...