CWE-639
Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
CVE-2025-14998 (GCVE-0-2025-14998)
Vulnerability from cvelistv5 – Published: 2026-01-02 01:48 – Updated: 2026-04-08 17:15
Title
Branda – White Label & Branding, Free Login Page Customizer <= 3.4.24 - Unauthenticated Privilege Escalation via Account Takeover
Summary
The Branda plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.24. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary users' passwords, including administrators', and leverage that to gain access to their accounts.
Severity
9.8 (Critical)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| wpmudev | Branda – White Label & Branding, Free Login Page Customizer | Affected: 0, ≤ 3.4.24 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14998",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-05T20:33:41.996720Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T20:39:35.214Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Branda \u2013 White Label \u0026 Branding, Free Login Page Customizer",
"vendor": "wpmudev",
"versions": [
{
"lessThanOrEqual": "3.4.24",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Drew Webber"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Branda plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.24. This is due to the plugin not properly validating a user\u0027s identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user\u0027s passwords, including administrators, and leverage that to gain access to their account."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:15:21.481Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ae46be82-570f-4172-9c3f-746b894b84b9?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/branda-white-labeling/tags/3.4.24/inc/modules/login-screen/signup-password.php#L24"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3429115/branda-white-labeling#file1749"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-20T15:17:14.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-01-01T13:29:04.000Z",
"value": "Disclosed"
}
],
"title": "Branda \u2013 White Label \u0026 Branding, Free Login Page Customizer \u003c= 3.4.24 - Unauthenticated Privilege Escalation via Account Takeover"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-14998",
"datePublished": "2026-01-02T01:48:20.495Z",
"dateReserved": "2025-12-20T15:01:44.895Z",
"dateUpdated": "2026-04-08T17:15:21.481Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15001 (GCVE-0-2025-15001)
Vulnerability from cvelistv5 – Published: 2026-01-06 04:31 – Updated: 2026-04-08 16:41
Title
FS Registration Password <= 1.0.1 - Unauthenticated Privilege Escalation via Account Takeover
Summary
The FS Registration Password plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.1. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary users' passwords, including administrators', and leverage that to gain access to their accounts.
Severity
9.8 (Critical)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| fsylum | FS Registration Password | Affected: 0, ≤ 1.0.1 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15001",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-06T14:36:55.437355Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-06T14:37:02.949Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FS Registration Password",
"vendor": "fsylum",
"versions": [
{
"lessThanOrEqual": "1.0.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Drew Webber"
}
],
"descriptions": [
{
"lang": "en",
"value": "The FS Registration Password plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.1. This is due to the plugin not properly validating a user\u0027s identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user\u0027s passwords, including administrators, and leverage that to gain access to their account."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:41:37.094Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/22351b90-fc34-44ce-9241-4a0f01eb7b1c?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/registration-password/tags/1.0.1/src/WP/Auth.php"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3431651/registration-password"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-01-05T16:31:31.000Z",
"value": "Disclosed"
}
],
"title": "FS Registration Password \u003c= 1.0.1 - Unauthenticated Privilege Escalation via Account Takeover"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-15001",
"datePublished": "2026-01-06T04:31:55.460Z",
"dateReserved": "2025-12-20T18:36:03.748Z",
"dateUpdated": "2026-04-08T16:41:37.094Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15018 (GCVE-0-2025-15018)
Vulnerability from cvelistv5 – Published: 2026-01-07 08:21 – Updated: 2026-04-08 17:35
Title
Optional Email <= 1.3.11 - Unauthenticated Privilege Escalation to Account Takeover
Summary
The Optional Email plugin for WordPress is vulnerable to Privilege Escalation via Account Takeover in all versions up to, and including, 1.3.11. This is due to the plugin not restricting its 'random_password' filter to registration contexts, allowing the filter to affect password reset key generation. This makes it possible for unauthenticated attackers to set a known password reset key when initiating a password reset, reset the password of any user including administrators, and gain access to their accounts.
Severity
9.8 (Critical)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| djanym | Optional Email | Affected: 0, ≤ 1.3.11 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15018",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-07T16:17:34.204773Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-07T16:17:43.019Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Optional Email",
"vendor": "djanym",
"versions": [
{
"lessThanOrEqual": "1.3.11",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Drew Webber"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Optional Email plugin for WordPress is vulnerable to Privilege Escalation via Account Takeover in all versions up to, and including, 1.3.11. This is due to the plugin not restricting its \u0027random_password\u0027 filter to registration contexts, allowing the filter to affect password reset key generation. This makes it possible for unauthenticated attackers to set a known password reset key when initiating a password reset, reset the password of any user including administrators, and gain access to their accounts."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:35:18.878Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ff4243e9-cf72-40d5-bc7d-204426024a1d?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/optional-email/tags/1.3.11/optional-email.php?marks=44,51#L44"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-19T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2026-01-06T19:57:29.000Z",
"value": "Disclosed"
}
],
"title": "Optional Email \u003c= 1.3.11 - Unauthenticated Privilege Escalation to Account Takeover"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-15018",
"datePublished": "2026-01-07T08:21:57.437Z",
"dateReserved": "2025-12-22T02:54:37.143Z",
"dateUpdated": "2026-04-08T17:35:18.878Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15025 (GCVE-0-2025-15025)
Vulnerability from cvelistv5 – Published: 2026-05-14 12:59 – Updated: 2026-05-14 13:44
Title
IDOR in Yordam Informatics' Library Automation System
Summary
Authorization bypass through User-Controlled key vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Exploitation of Trusted Identifiers.
This issue affects Library Automation System: from v.21.6 before v.22.1.
Severity
8.8 (High)
CWE
- CWE-639 - Authorization bypass through User-Controlled key
References
1 reference
| URL | Tags |
|---|---|
| https://siberguvenlik.gov.tr/guvenlik-bildirimler… | government-resource |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. | Library Automation System | Affected: v.21.6, < v.22.1 (custom) |
Date Public
2026-05-14 12:49
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15025",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T13:44:10.967787Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T13:44:16.034Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Library Automation System",
"vendor": "Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc.",
"versions": [
{
"lessThan": "v.22.1",
"status": "affected",
"version": "v.21.6",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Serdar \u00c7ATAL"
}
],
"datePublic": "2026-05-14T12:49:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authorization bypass through User-Controlled key vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Exploitation of Trusted Identifiers.\u003cp\u003eThis issue affects Library Automation System: from v.21.6 before v.22.1.\u003c/p\u003e"
}
],
"value": "Authorization bypass through User-Controlled key vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Exploitation of Trusted Identifiers.\n\nThis issue affects Library Automation System: from v.21.6 before v.22.1."
}
],
"impacts": [
{
"capecId": "CAPEC-21",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-21 Exploitation of Trusted Identifiers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization bypass through User-Controlled key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T12:59:51.988Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0240"
}
],
"source": {
"advisory": "TR-26-0240",
"defect": [
"TR-26-0240"
],
"discovery": "UNKNOWN"
},
"title": "IDOR in Yordam Informatics\u0027 Library Automation System",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2025-15025",
"datePublished": "2026-05-14T12:59:51.988Z",
"dateReserved": "2025-12-22T08:06:59.161Z",
"dateUpdated": "2026-05-14T13:44:16.034Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15096 (GCVE-0-2025-15096)
Vulnerability from cvelistv5 – Published: 2026-02-11 09:49 – Updated: 2026-04-08 17:19
Title
Videospirecore Theme Plugin <= 1.0.6 - Authenticated (Subscriber+) Privilege Escalation via User Email Change/Account Takeover
Summary
The 'Videospirecore Theme Plugin' plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.6. This is due to the plugin not properly validating a user's identity prior to updating their details, such as their email address. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary users' email addresses, including administrators', and leverage that to reset the user's password and gain access to their account.
Severity
8.8 (High)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| kamleshyadav | Videospirecore Theme Plugin | Affected: 0, ≤ 1.0.6 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15096",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-11T15:19:53.235453Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-11T15:20:08.834Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Videospirecore Theme Plugin",
"vendor": "kamleshyadav",
"versions": [
{
"lessThanOrEqual": "1.0.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nguyen Tan Phat"
}
],
"descriptions": [
{
"lang": "en",
"value": "The \u0027Videospirecore Theme Plugin\u0027 plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.6. This is due to the plugin not properly validating a user\u0027s identity prior to updating their details like email. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary user\u0027s email addresses, including administrators, and leverage that to reset the user\u0027s password and gain access to their account."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:19:22.736Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bf152269-73e1-473f-8d97-ce94e9b885d0?source=cve"
},
{
"url": "https://themeforest.net/item/videospire-video-streaming-ott-platform-wordpress-theme/39243225?s_rank=1"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-02-10T21:29:59.000Z",
"value": "Disclosed"
}
],
"title": "Videospirecore Theme Plugin \u003c= 1.0.6 - Authenticated (Subscriber+) Privilege Escalation via User Email Change/Account Takeover"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-15096",
"datePublished": "2026-02-11T09:49:23.282Z",
"dateReserved": "2025-12-25T15:05:00.627Z",
"dateUpdated": "2026-04-08T17:19:22.736Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15147 (GCVE-0-2025-15147)
Vulnerability from cvelistv5 – Published: 2026-02-09 23:23 – Updated: 2026-04-08 17:21
Title
WCFM Membership – WooCommerce Memberships for Multivendor Marketplace <= 2.11.8 - Insecure Direct Object Reference to Update Membership Payment
Summary
The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.11.8 via the 'WCFMvm_Memberships_Payment_Controller::processing' due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify other users' membership payments.
Severity
4.3 (Medium)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| wclovers | WCFM Membership – WooCommerce Memberships for Multivendor Marketplace | Affected: 0, ≤ 2.11.8 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15147",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-10T16:47:21.782233Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T16:47:58.682Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WCFM Membership \u2013 WooCommerce Memberships for Multivendor Marketplace",
"vendor": "wclovers",
"versions": [
{
"lessThanOrEqual": "2.11.8",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jing Xuan Sun"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WCFM Membership \u2013 WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.11.8 via the \u0027WCFMvm_Memberships_Payment_Controller::processing\u0027 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify other users\u0027 membership payments."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:21:40.486Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c8d286db-b2a7-46c4-825f-dc67dda8a63d?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3455830/wc-multivendor-membership#file436"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wc-multivendor-membership/tags/2.11.8/controllers/wcfmvm-controller-memberships-payment.php#L32"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-02-03T12:31:00.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-02-09T11:17:32.000Z",
"value": "Disclosed"
}
],
"title": "WCFM Membership \u2013 WooCommerce Memberships for Multivendor Marketplace \u003c= 2.11.8 - Insecure Direct Object Reference to Update Membership Payment"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-15147",
"datePublished": "2026-02-09T23:23:28.319Z",
"dateReserved": "2025-12-27T13:25:09.137Z",
"dateUpdated": "2026-04-08T17:21:40.486Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15370 (GCVE-0-2025-15370)
Vulnerability from cvelistv5 – Published: 2026-01-16 04:44 – Updated: 2026-04-08 17:26
Title
Shield Security <= 21.0.9 - Authenticated (Subscriber+) Insecure Direct Object Reference to Disable Google Authenticator
Summary
The Shield: Blocks Bots, Protects Users, and Prevents Security Breaches plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 21.0.9 via the MfaGoogleAuthToggle class due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to disable Google Authenticator for any user.
Severity
4.3 (Medium)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| paultgoodchild | Shield: Blocks Bots, Protects Users, and Prevents Security Breaches | Affected: 0, ≤ 21.0.9 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15370",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-16T14:43:58.729359Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-16T14:44:37.016Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Shield: Blocks Bots, Protects Users, and Prevents Security Breaches",
"vendor": "paultgoodchild",
"versions": [
{
"lessThanOrEqual": "21.0.9",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dmitrii Ignatyev"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Shield: Blocks Bots, Protects Users, and Prevents Security Breaches plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 21.0.9 via the MfaGoogleAuthToggle class due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to disable Google Authenticator for any user."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:26:36.042Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d777014a-5397-4062-af39-7ea86589a0d0?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-simple-firewall/tags/21.0.8/src/lib/src/ActionRouter/Actions/MfaGoogleAuthToggle.php"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3438647/wp-simple-firewall"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-01-15T15:58:56.000Z",
"value": "Disclosed"
}
],
"title": "Shield Security \u003c= 21.0.9 - Authenticated (Subscriber+) Insecure Direct Object Reference to Disable Google Authenticator"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-15370",
"datePublished": "2026-01-16T04:44:35.383Z",
"dateReserved": "2025-12-30T17:25:48.869Z",
"dateUpdated": "2026-04-08T17:26:36.042Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15521 (GCVE-0-2025-15521)
Vulnerability from cvelistv5 – Published: 2026-01-21 01:23 – Updated: 2026-04-08 16:58
Title
Academy LMS – WordPress LMS Plugin for Complete eLearning Solution <= 3.5.0 - Unauthenticated Privilege Escalation via Account Takeover
Summary
The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.5.0. This is due to the plugin not properly validating a user's identity prior to updating their password and relying solely on a publicly-exposed nonce for authorization. This makes it possible for unauthenticated attackers to change arbitrary users' passwords, including administrators', and gain access to their accounts.
Severity
9.8 (Critical)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| kodezen | Academy LMS – WordPress LMS Plugin for Complete eLearning Solution | Affected: 0, ≤ 3.5.0 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15521",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-21T15:30:56.215183Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-21T15:43:35.602Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Academy LMS \u2013 WordPress LMS Plugin for Complete eLearning Solution",
"vendor": "kodezen",
"versions": [
{
"lessThanOrEqual": "3.5.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "vgo0"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Academy LMS \u2013 WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.5.0. This is due to the plugin not properly validating a user\u0027s identity prior to updating their password and relying solely on a publicly-exposed nonce for authorization. This makes it possible for unauthenticated attackers to change arbitrary user\u0027s password, including administrators, and gain access to their account."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:58:00.512Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6687ebbe-fdf4-4ecb-bf59-034bb4b0104c?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/academy/tags/3.5.0/includes/functions.php#L1581"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-31T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2026-01-14T15:47:53.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-01-20T11:36:57.000Z",
"value": "Disclosed"
}
],
"title": "Academy LMS \u2013 WordPress LMS Plugin for Complete eLearning Solution \u003c= 3.5.0 - Unauthenticated Privilege Escalation via Account Takeover"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-15521",
"datePublished": "2026-01-21T01:23:31.967Z",
"dateReserved": "2026-01-14T15:32:20.670Z",
"dateUpdated": "2026-04-08T16:58:00.512Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15582 (GCVE-0-2025-15582)
Vulnerability from cvelistv5 – Published: 2026-02-20 16:32 – Updated: 2026-02-23 19:01
Title
detronetdip E-commerce Product Management Update authorization
Summary
A security flaw has been discovered in detronetdip E-commerce 1.0.0. The impacted element is the function Delete/Update of the component Product Management Module. Performing a manipulation of the argument ID results in authorization bypass. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.346486 | vdb-entry, technical-description |
| https://vuldb.com/?ctiid.346486 | signature, permissions-required |
| https://vuldb.com/?submit.754030 | third-party-advisory |
| https://github.com/detronetdip/E-commerce/issues/23 | issue-tracking |
| https://github.com/Nixon-H/Ecommerce-IDOR-Product… | exploit |
| https://github.com/detronetdip/E-commerce/ | product |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| detronetdip | E-commerce | Affected: 1.0.0 (cpe:2.3:a:detronetdip:e-commerce:*:*:*:*:*:*:*:*) |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15582",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-23T19:01:25.916006Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-23T19:01:50.090Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:detronetdip:e-commerce:*:*:*:*:*:*:*:*"
],
"modules": [
"Product Management Module"
],
"product": "E-commerce",
"vendor": "detronetdip",
"versions": [
{
"status": "affected",
"version": "1.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Nixon-H (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in detronetdip E-commerce 1.0.0. The impacted element is the function Delete/Update of the component Product Management Module. Performing a manipulation of the argument ID results in authorization bypass. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.5,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "Authorization Bypass",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-23T10:26:34.208Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-346486 | detronetdip E-commerce Product Management Update authorization",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.346486"
},
{
"name": "VDB-346486 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.346486"
},
{
"name": "Submit #754030 | detronetdip E-commerce 1.0 Access Control Violation",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.754030"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/detronetdip/E-commerce/issues/23"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Nixon-H/Ecommerce-IDOR-Product-Manipulation"
},
{
"tags": [
"product"
],
"url": "https://github.com/detronetdip/E-commerce/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-02-18T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-02-18T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-02-22T19:49:13.000Z",
"value": "VulDB entry last update"
}
],
"title": "detronetdip E-commerce Product Management Update authorization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-15582",
"datePublished": "2026-02-20T16:32:07.871Z",
"dateReserved": "2026-02-18T14:09:50.957Z",
"dateUpdated": "2026-02-23T19:01:50.090Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15626 (GCVE-0-2025-15626)
Vulnerability from cvelistv5 – Published: 2026-04-27 12:47 – Updated: 2026-04-27 13:57
Title
Authenticated user can bypass authorization in Ribblr - Crochet & Knitting iOS application
Summary
Authenticated user can bypass authorization in Ribblr - Crochet & Knitting iOS application
Severity
CWE
- CWE-639 - Authorization bypass through User-Controlled key
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://ribblr.com/ | |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| Ribblr | Crotchet and Knitting | Affected: 2.5 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15626",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-27T13:57:28.918618Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-27T13:57:35.842Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"iOS"
],
"product": "Crotchet and Knitting",
"vendor": "Ribblr",
"versions": [
{
"status": "affected",
"version": "2.5"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Aino Kivilahti"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authenticated user can bypass authorization in Ribblr - Crochet \u0026amp; Knitting iOS application"
}
],
"value": "Authenticated user can bypass authorization in Ribblr - Crochet \u0026 Knitting iOS application"
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/AU:Y",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization bypass through User-Controlled key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-27T12:47:43.307Z",
"orgId": "db4dfee8-a97e-4877-bfae-eba6d14a2166",
"shortName": "NCSC-FI"
},
"references": [
{
"url": "https://ribblr.com/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated user can bypass authorization in Ribblr - Crochet \u0026 Knitting iOS application",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "db4dfee8-a97e-4877-bfae-eba6d14a2166",
"assignerShortName": "NCSC-FI",
"cveId": "CVE-2025-15626",
"datePublished": "2026-04-27T12:47:43.307Z",
"dateReserved": "2026-04-09T08:02:43.824Z",
"dateUpdated": "2026-04-27T13:57:35.842Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
Phase: Architecture and Design
Description:
- For each and every data access, ensure that the user has sufficient privilege to access the record that is being requested.
Mitigation
Phases: Architecture and Design, Implementation
Description:
- Make sure that the key that is used in the lookup of a specific user's record is not controllable externally by the user or that any tampering can be detected.
Mitigation
Phase: Architecture and Design
Description:
- Use encryption in order to make it more difficult to guess other legitimate values of the key or associate a digital signature with the key so that the server can verify that there has been no tampering.
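The three mitigations above, as an added example that is not part of the CWE entry or of any product recorded on this page: a Python product-update handler showing the CWE-639 pattern (record selected purely by the client-supplied ID) beside a hardened version that authorizes the specific record on every access, plus an HMAC-signed record handle bound to the requesting user so that any tampering with the ID is detected before the lookup. The product table, the user names, `SERVER_KEY` and all function names are constructed for this example.

```python
import hashlib
import hmac
import secrets


class Forbidden(Exception):
    """Raised when the caller may not act on the requested record."""


# Constructed sample store: two products owned by two different users.
# Sequential integer IDs are exactly the kind of key CWE-639 concerns.
PRODUCTS = {
    1: {"owner": "alice", "name": "Wool, 100 g", "price": 5},
    2: {"owner": "bob", "name": "Hook set", "price": 12},
}


def update_price_vulnerable(actor, product_id, new_price):
    """The CWE-639 pattern: the endpoint requires a login (actor is known),
    but the record is selected purely by the client-supplied ID and the
    actor is never compared against the record's owner."""
    product = PRODUCTS.get(product_id)
    if product is None:
        raise Forbidden("no such product")
    product["price"] = new_price
    return product


def update_price_checked(actor, product_id, new_price):
    """Mitigation 1: authorize the record, not only the endpoint.
    Missing and foreign records get the same response so the ID space
    cannot be mapped by comparing error messages."""
    product = PRODUCTS.get(product_id)
    if product is None or product["owner"] != actor:
        raise Forbidden("not your product")
    product["price"] = new_price
    return product


# Mitigations 2 and 3: make the key tamper-evident. The server issues
# "<id>.<hmac>" handles and refuses any handle whose tag does not verify.
# SERVER_KEY is a constructed per-deployment secret (assumption: loaded
# from a secrets store in a real deployment, never hard-coded).
SERVER_KEY = secrets.token_bytes(32)


def _tag(actor, product_id_text):
    # Binding the actor into the MAC means a handle issued to one user
    # does not verify when another user presents it.
    msg = f"{actor}:{product_id_text}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_handle(actor, product_id):
    """Called when rendering a page for `actor`; returns an opaque handle."""
    return f"{product_id}.{_tag(actor, str(product_id))}"


def resolve_handle(actor, handle):
    """Verify the handle before any database lookup; returns the record ID."""
    id_text, sep, tag = handle.partition(".")
    if not sep or not id_text.isdigit():
        raise Forbidden("malformed handle")
    # Constant-time comparison so verification does not leak by timing.
    if not hmac.compare_digest(tag, _tag(actor, id_text)):
        raise Forbidden("handle failed verification")
    return int(id_text)


def update_price_by_handle(actor, handle, new_price):
    """Full path: verify the handle, then still apply the ownership check.
    The MAC detects tampering; the ownership check is the authorization."""
    product_id = resolve_handle(actor, handle)
    return update_price_checked(actor, product_id, new_price)


def attempt(fn, *args):
    """Return True if the call is allowed, False if authorization rejects it."""
    try:
        fn(*args)
        return True
    except Forbidden:
        return False


if __name__ == "__main__":
    alice_handle = issue_handle("alice", 1)
    print("alice updates own product:", attempt(update_price_by_handle, "alice", alice_handle, 6))
    print("bob presents alice's handle:", attempt(update_price_by_handle, "bob", alice_handle, 1))
    print("bob edits product 1 via bare ID (checked):", attempt(update_price_checked, "bob", 1, 1))
```

The signed handle alone is not sufficient: it only proves the server issued that ID to that user. The ownership check in `update_price_checked` remains the actual authorization decision, which is why `update_price_by_handle` applies both.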
No CAPEC attack patterns related to this CWE.