PT-2026-7512 · WordPress · Videospirecore Theme Plugin
Published 2026-02-11 · Updated 2026-02-16 · CVE-2025-15096
CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Videospirecore Theme Plugin versions prior to 1.0.7
Description
The 'Videospirecore Theme Plugin' for WordPress is susceptible to privilege escalation, potentially leading to account takeover. The issue arises from insufficient validation of a user’s identity before allowing updates to user details, such as email addresses. Authenticated attackers with Subscriber-level access or higher can modify the email addresses of any user, including administrators, and subsequently reset passwords to gain unauthorized access to accounts.
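For developers auditing similar profile-update handlers, the following added example (not the plugin's code) shows the authorization check whose absence produces this class of flaw, using WordPress core's `edit_user` meta capability. It assumes the target account is selected by a request parameter; the action name `example_update_profile`, the nonce name and the `user_id` and `email` fields are hypothetical.

```php
<?php
// Added illustration; not the Videospirecore plugin's code.
// Hypothetical names: action 'example_update_profile', nonce field 'nonce',
// request fields 'user_id' and 'email'.

add_action( 'wp_ajax_example_update_profile', 'example_update_profile' );

function example_update_profile() {
    // wp_ajax_* only guarantees that someone is logged in, Subscribers included.
    // The nonce stops cross-site requests; it is not an authorization check.
    check_ajax_referer( 'example_update_profile', 'nonce' );

    $current_id = get_current_user_id();
    $target_id  = isset( $_POST['user_id'] ) ? absint( $_POST['user_id'] ) : $current_id;

    if ( 0 === $target_id || ! get_userdata( $target_id ) ) {
        wp_send_json_error( array( 'message' => 'Unknown user' ), 404 );
    }

    // The check that matters: 'edit_user' is granted for the caller's own
    // account and otherwise requires the 'edit_users' capability, which a
    // Subscriber does not hold. Acting on $target_id without this check is
    // the missing identity validation the advisory describes.
    if ( ! current_user_can( 'edit_user', $target_id ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    $email = isset( $_POST['email'] ) ? sanitize_email( wp_unslash( $_POST['email'] ) ) : '';
    if ( ! is_email( $email ) ) {
        wp_send_json_error( array( 'message' => 'Invalid email address' ), 400 );
    }

    // Refuse an address that already belongs to a different account.
    $owner = email_exists( $email );
    if ( $owner && (int) $owner !== $target_id ) {
        wp_send_json_error( array( 'message' => 'Email already in use' ), 409 );
    }

    $result = wp_update_user( array( 'ID' => $target_id, 'user_email' => $email ) );
    if ( is_wp_error( $result ) ) {
        wp_send_json_error( array( 'message' => $result->get_error_message() ), 400 );
    }

    wp_send_json_success( array( 'user_id' => $target_id ) );
}
```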
Recommendations
Update the Videospirecore Theme Plugin to version 1.0.7 or later.
Fix
LPE
IDOR
Affected Products
Videospirecore Theme Plugin