CVE-2025-3101

Name of the Vulnerable Software and Affected Versions Configurator Theme Core plugin for WordPress versions up to, and including, 1.4.7

Description The issue is due to the plugin not properly validating user meta fields prior to updating them in the database. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change and escalate their privileges to Administrator.

Recommendations For versions up to, and including, 1.4.7, update to a version that properly validates user meta fields to prevent privilege escalation. As a temporary workaround, consider restricting access to user meta fields until a patch is available.