CVE-2025-3876

The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Privilege Escalation due to insufficient user OTP validation in the handleWpLoginCreateUserAction() function in all versions up to, and including, 3.8.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to impersonate any account by supplying its username or email and elevate their privileges to that of an administrator.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://plugins.trac.wordpress.org/browser/sms-alert/tags/3.8.0/handler/forms/class-wplogin.php#L145
https://plugins.trac.wordpress.org/browser/sms-alert/tags/3.8.0/handler/forms/class-wplogin.php#L447
https://plugins.trac.wordpress.org/changeset/3290478/
https://wordpress.org/plugins/sms-alert/#developers
https://www.wordfence.com/threat-intel/vulnerabilities/id/1cf65f79-d386-4dd4-a360-b2f764dfaf19?source=cve

Configurations

No configuration.

History

12 May 2025, 17:32

Type	Values Removed	Values Added
Summary		(es) El complemento SMS Alert Order Notifications – WooCommerce para WordPress es vulnerable a la Escalada de Privilegios debido a una validación OTP insuficiente en la función handleWpLoginCreateUserAction() en todas las versiones hasta la 3.8.1 incluida. Esto permite a atacantes autenticados, con acceso de suscriptor o superior, suplantar la identidad de cualquier cuenta proporcionando su nombre de usuario o correo electrónico y elevar sus privilegios a los de administrador.

10 May 2025, 12:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-10 12:15

Updated : 2025-05-12 17:32

NVD link : CVE-2025-3876

Mitre link : CVE-2025-3876

CVE.ORG link : CVE-2025-3876

JSON object : View

Products Affected

No product.

CWE

CWE-862

Missing Authorization

{"id": "CVE-2025-3876", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "security@wordfence.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2025-05-10T12:15:35.670", "references": [{"url": "https://plugins.trac.wordpress.org/browser/sms-alert/tags/3.8.0/handler/forms/class-wplogin.php#L145", "source": "security@wordfence.com"}, {"url": "https://plugins.trac.wordpress.org/browser/sms-alert/tags/3.8.0/handler/forms/class-wplogin.php#L447", "source": "security@wordfence.com"}, {"url": "https://plugins.trac.wordpress.org/changeset/3290478/", "source": "security@wordfence.com"}, {"url": "https://wordpress.org/plugins/sms-alert/#developers", "source": "security@wordfence.com"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1cf65f79-d386-4dd4-a360-b2f764dfaf19?source=cve", "source": "security@wordfence.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "security@wordfence.com", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "The SMS Alert Order Notifications \u2013 WooCommerce plugin for WordPress is vulnerable to Privilege Escalation due to insufficient user OTP validation in the handleWpLoginCreateUserAction() function in all versions up to, and including, 3.8.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to impersonate any account by supplying its username or email and elevate their privileges to that of an administrator."}, {"lang": "es", "value": "El complemento SMS Alert Order Notifications \u2013 WooCommerce para WordPress es vulnerable a la Escalada de Privilegios debido a una validaci\u00f3n OTP insuficiente en la funci\u00f3n handleWpLoginCreateUserAction() en todas las versiones hasta la 3.8.1 incluida. Esto permite a atacantes autenticados, con acceso de suscriptor o superior, suplantar la identidad de cualquier cuenta proporcionando su nombre de usuario o correo electr\u00f3nico y elevar sus privilegios a los de administrador."}], "lastModified": "2025-05-12T17:32:32.760", "sourceIdentifier": "security@wordfence.com"}