PT-2025-27585 · WordPress · Wp Smartpay
Kenneth Dunn · Published 2025-07-02 · Updated 2025-07-07
CVE-2025-3848 · CVSS 8.8 (High)
CVSS base vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
WP SmartPay plugin for WordPress versions 1.1.0 through 2.7.13
Description:
The vulnerability enables privilege escalation through account takeover. The plugin's `update()` function does not verify that the user making the request is the owner of the account being modified before it changes that account's email address. As a result, authenticated attackers with Subscriber-level access or higher can change the email address of arbitrary users, including administrators, and then use the password-reset flow to take over those accounts.
Recommendations:
For WP SmartPay plugin for WordPress versions 1.1.0 through 2.7.13, consider disabling the `update()` function until a patch is available, so that attackers cannot change user email addresses and gain unauthorized access. Restrict access to the plugin's functionality to the accounts that need it to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
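The missing check is an ownership (authorization) check on the target user, not just a login check. Below is an added illustration of how a WordPress REST route that updates a customer's email can bind the target record to the caller; it is example code written for this entry, not the plugin's own, and the route name `smartpay/v1`, the `example_` function names and the `id`/`email` parameters are assumptions.

```php
<?php
// Added example, not the plugin's code. A REST route whose permission
// callback rejects requests that target a user other than the caller,
// unless the caller holds the 'edit_user' meta capability for that user.
add_action('rest_api_init', function () {
    register_rest_route('smartpay/v1', '/customers/(?P<id>\d+)', [
        'methods'             => 'POST',
        'callback'            => 'example_update_customer',
        'permission_callback' => 'example_can_update_customer',
        'args' => [
            'id'    => ['validate_callback' => function ($v) { return is_numeric($v); }],
            'email' => ['sanitize_callback' => 'sanitize_email'],
        ],
    ]);
});

// Authorization: the vulnerable pattern only asks "is someone logged in?";
// the hardened pattern also asks "is this the caller's own record, or may
// the caller edit other users?". Both answers must be yes to proceed.
function example_can_update_customer(WP_REST_Request $request) {
    if (!is_user_logged_in()) {
        return new WP_Error('rest_forbidden', 'Authentication required.', ['status' => 401]);
    }
    $target = (int) $request['id'];
    if ($target !== get_current_user_id() && !current_user_can('edit_user', $target)) {
        // A Subscriber reaching this branch is exactly the IDOR the advisory describes.
        return new WP_Error('rest_forbidden', 'You may only update your own account.', ['status' => 403]);
    }
    return true;
}

// Callback runs only after the permission callback returned true.
function example_update_customer(WP_REST_Request $request) {
    $target = (int) $request['id'];
    $email  = $request->get_param('email');
    if (!is_email($email)) {
        return new WP_Error('invalid_email', 'Invalid email address.', ['status' => 400]);
    }
    $result = wp_update_user(['ID' => $target, 'user_email' => $email]);
    if (is_wp_error($result)) {
        return $result;
    }
    return rest_ensure_response(['updated' => true, 'id' => $target]);
}
```

For detection while unpatched, log the caller's user ID alongside the target ID on every email change and alert when they differ for a caller without `edit_users`.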
Tags: LPE, IDOR
References (8)
- https://osv.dev/vulnerability/CVE-2025-3848 · Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-3848 · Security Note
- https://plugins.trac.wordpress.org/browser/smartpay/tags/2.7.13/app/Http/Controllers/Rest/CustomerController.php#L51 · Note
- https://t.me/cvenotify/127342 · Telegram Post
- https://twitter.com/VulmonFeeds/status/1940291736774881775 · Twitter Post
- https://wordfence.com/threat-intel/vulnerabilities/id/c197e26f-745b-481a-a7b5-79d1211c02ea?source=cve · Note
- https://twitter.com/CveFindCom/status/1940261876048244836 · Twitter Post
- https://twitter.com/cracbot/status/1942176814472069134 · Twitter Post