CVE-2025-3848

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-3848
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-25171. Reason: This candidate is a reservation duplicate of CVE-2025-25171. Notes: All CVE users should reference CVE-2025-25171 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVSS

No CVSS.

References

No reference.

Configurations

No configuration.

History

24 Jul 2025, 21:15

Type Values Removed Values Added
CPE cpe:2.3:a:themesgrove:wp_smartpay:*:*:*:*:*:wordpress:*:*
CWE CWE-639
CVSS v2 : unknown
v3 : 8.8 		v2 : unknown
v3 : unknown
References
  • {'url': 'https://plugins.trac.wordpress.org/browser/smartpay/tags/2.7.13/app/Http/Controllers/Rest/CustomerController.php#L51', 'tags': ['Product'], 'source': 'security@wordfence.com'}
  • {'url': 'https://www.wordfence.com/threat-intel/vulnerabilities/id/c197e26f-745b-481a-a7b5-79d1211c02ea?source=cve', 'tags': ['Third Party Advisory'], 'source': 'security@wordfence.com'}
Summary
  • (es) El complemento Download Manager and Payment Form WordPress Plugin – WP SmartPay de WordPress es vulnerable a la escalada de privilegios mediante el robo de cuenta en las versiones 1.1.0 a 2.7.13. Esto se debe a que el complemento no valida correctamente la identidad del usuario antes de actualizar su correo electrónico mediante la función update(). Esto permite a atacantes autenticados, con acceso de suscriptor o superior, cambiar las direcciones de correo electrónico de cualquier usuario, incluyendo administradores, y aprovechar esta situación para restablecer la contraseña del usuario y acceder a su cuenta.
Summary (en) The Download Manager and Payment Form WordPress Plugin – WP SmartPay plugin for WordPress is vulnerable to privilege escalation via account takeover in versions 1.1.0 to 2.7.13. This is due to the plugin not properly validating a user's identity prior to updating their email through the update() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account. (en) Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-25171. Reason: This candidate is a reservation duplicate of CVE-2025-25171. Notes: All CVE users should reference CVE-2025-25171 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

16 Jul 2025, 15:45

Type Values Removed Values Added
References () https://plugins.trac.wordpress.org/browser/smartpay/tags/2.7.13/app/Http/Controllers/Rest/CustomerController.php#L51 - () https://plugins.trac.wordpress.org/browser/smartpay/tags/2.7.13/app/Http/Controllers/Rest/CustomerController.php#L51 - Product
References () https://www.wordfence.com/threat-intel/vulnerabilities/id/c197e26f-745b-481a-a7b5-79d1211c02ea?source=cve - () https://www.wordfence.com/threat-intel/vulnerabilities/id/c197e26f-745b-481a-a7b5-79d1211c02ea?source=cve - Third Party Advisory
First Time Themesgrove
Themesgrove wp Smartpay
CPE cpe:2.3:a:themesgrove:wp_smartpay:*:*:*:*:*:wordpress:*:*

03 Jul 2025, 15:14

Type Values Removed Values Added
Summary
  • (es) El complemento Download Manager and Payment Form WordPress Plugin – WP SmartPay de WordPress es vulnerable a la escalada de privilegios mediante el robo de cuenta en las versiones 1.1.0 a 2.7.13. Esto se debe a que el complemento no valida correctamente la identidad del usuario antes de actualizar su correo electrónico mediante la función update(). Esto permite a atacantes autenticados, con acceso de suscriptor o superior, cambiar las direcciones de correo electrónico de cualquier usuario, incluyendo administradores, y aprovechar esta situación para restablecer la contraseña del usuario y acceder a su cuenta.

02 Jul 2025, 04:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-07-02 04:15

Updated : 2025-07-24 21:15

NVD link : CVE-2025-3848

Mitre link : CVE-2025-3848

CVE.ORG link : CVE-2025-3848

JSON object : View

Products Affected

No product.

CWE

No CWE.