Search
Find a vulnerability
Search criteria
2 vulnerabilities found for Download Manager and Payment Form WordPress Plugin – WP SmartPay by themesgrove
CVE-2025-3851 (GCVE-0-2025-3851)
Vulnerability from nvd – Published: 2025-05-07 01:43 – Updated: 2025-05-07 14:03
VLAI
Title
Download Manager and Payment Form WordPress Plugin – WP SmartPay 1.1.0 - 2.7.13 - Authenticated (Subscriber+) Information Exposure
Summary
The Download Manager and Payment Form WordPress Plugin – WP SmartPay plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions 1.1.0 to 2.7.13 via the show() function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view other user's data like email address, name, and notes.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| themesgrove | Download Manager and Payment Form WordPress Plugin – WP SmartPay |
Affected:
1.1.0 , ≤ 2.7.13
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3851",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-07T13:45:58.606777Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T14:03:29.117Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Download Manager and Payment Form WordPress Plugin \u2013 WP SmartPay",
"vendor": "themesgrove",
"versions": [
{
"lessThanOrEqual": "2.7.13",
"status": "affected",
"version": "1.1.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Kenneth Dunn"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Manager and Payment Form WordPress Plugin \u2013 WP SmartPay plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions 1.1.0 to 2.7.13 via the show() function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view other user\u0027s data like email address, name, and notes."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T01:43:07.050Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3aade1bd-b69d-4134-a4f7-78372a291557?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/smartpay/tags/2.7.13/app/Http/Controllers/Rest/CustomerController.php#L34"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-05-06T13:25:42.000Z",
"value": "Disclosed"
}
],
"title": "Download Manager and Payment Form WordPress Plugin \u2013 WP SmartPay 1.1.0 - 2.7.13 - Authenticated (Subscriber+) Information Exposure"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-3851",
"datePublished": "2025-05-07T01:43:07.050Z",
"dateReserved": "2025-04-21T13:50:28.208Z",
"dateUpdated": "2025-05-07T14:03:29.117Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3851 (GCVE-0-2025-3851)
Vulnerability from cvelistv5 – Published: 2025-05-07 01:43 – Updated: 2025-05-07 14:03
VLAI
Title
Download Manager and Payment Form WordPress Plugin – WP SmartPay 1.1.0 - 2.7.13 - Authenticated (Subscriber+) Information Exposure
Summary
The Download Manager and Payment Form WordPress Plugin – WP SmartPay plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions 1.1.0 to 2.7.13 via the show() function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view other user's data like email address, name, and notes.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| themesgrove | Download Manager and Payment Form WordPress Plugin – WP SmartPay |
Affected:
1.1.0 , ≤ 2.7.13
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3851",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-07T13:45:58.606777Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T14:03:29.117Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Download Manager and Payment Form WordPress Plugin \u2013 WP SmartPay",
"vendor": "themesgrove",
"versions": [
{
"lessThanOrEqual": "2.7.13",
"status": "affected",
"version": "1.1.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Kenneth Dunn"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Manager and Payment Form WordPress Plugin \u2013 WP SmartPay plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions 1.1.0 to 2.7.13 via the show() function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view other user\u0027s data like email address, name, and notes."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T01:43:07.050Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3aade1bd-b69d-4134-a4f7-78372a291557?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/smartpay/tags/2.7.13/app/Http/Controllers/Rest/CustomerController.php#L34"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-05-06T13:25:42.000Z",
"value": "Disclosed"
}
],
"title": "Download Manager and Payment Form WordPress Plugin \u2013 WP SmartPay 1.1.0 - 2.7.13 - Authenticated (Subscriber+) Information Exposure"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-3851",
"datePublished": "2025-05-07T01:43:07.050Z",
"dateReserved": "2025-04-21T13:50:28.208Z",
"dateUpdated": "2025-05-07T14:03:29.117Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}