{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-0316", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-01-07T18:43:54.464Z", "datePublished": "2025-02-08T21:20:58.901Z", "dateUpdated": "2026-04-08T16:48:05.213Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:48:05.213Z"}, "affected": [{"vendor": "Chimpstudio", "product": "WP Directorybox Manager", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.5", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The WP Directorybox Manager plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.5. This is due to incorrect authentication in the 'wp_dp_enquiry_agent_contact_form_submit_callback' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username."}], "title": "WP Directorybox Manager <= 2.5 - Authentication Bypass", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3ee1f412-7555-4dec-ba59-49412471a42f?source=cve"}, {"url": "https://themeforest.net/item/directory-multipurpose-wordpress-theme/10480929"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel", "cweId": "CWE-288", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}], "credits": [{"lang": "en", "type": "finder", "value": "Istv\u00e1n M\u00e1rton"}], "timeline": [{"time": "2025-01-07T00:00:00.000Z", "lang": "en", "value": "Discovered"}, {"time": "2025-01-07T00:00:00.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2025-02-08T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-0316", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-10T13:36:47.008823Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-12T20:51:41.842Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-0316", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-10T13:36:47.008823Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-12T20:46:27.687Z"}}], "cna": {"title": "WP Directorybox Manager <= 2.5 - Authentication Bypass", "credits": [{"lang": "en", "type": "finder", "value": "Istv\u00e1n M\u00e1rton"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "Chimpstudio", "product": "WP Directorybox Manager", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "2.5"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-01-07T00:00:00.000Z", "value": "Discovered"}, {"lang": "en", "time": "2025-01-07T00:00:00.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2025-02-08T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3ee1f412-7555-4dec-ba59-49412471a42f?source=cve"}, {"url": "https://themeforest.net/item/directory-multipurpose-wordpress-theme/10480929"}], "descriptions": [{"lang": "en", "value": "The WP Directorybox Manager plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.5. This is due to incorrect authentication in the 'wp_dp_enquiry_agent_contact_form_submit_callback' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-288", "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:48:05.213Z"}}}, "cveMetadata": {"cveId": "CVE-2025-0316", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:48:05.213Z", "dateReserved": "2025-01-07T18:43:54.464Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-02-08T21:20:58.901Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The WP Directorybox Manager plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.5. This is due to incorrect authentication in the 'wp_dp_enquiry_agent_contact_form_submit_callback' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username."}, {"lang": "es", "value": "El complemento WP Directorybox Manager para WordPress es vulnerable a la omisi\u00f3n de autenticaci\u00f3n en versiones hasta la 2.5 incluida. Esto se debe a una autenticaci\u00f3n incorrecta en la funci\u00f3n 'wp_dp_enquiry_agent_contact_form_submit_callback'. Esto hace posible que atacantes no autenticados inicien sesi\u00f3n como cualquier usuario existente en el sitio, como un administrador, si tienen acceso al nombre de usuario."}], "id": "CVE-2025-0316", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-02-08T22:15:28.477", "references": [{"source": "security@wordfence.com", "url": "https://themeforest.net/item/directory-multipurpose-wordpress-theme/10480929"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3ee1f412-7555-4dec-ba59-49412471a42f?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-288"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-28T03:43:07.940787+00:00", "value": {"mitigation_remediation": ["Update WP Directorybox Manager to the latest version, at least 2.6, to eliminate the unauthenticated access flaw.", "Revoke and immediately regenerate usernames, passwords, and API tokens for all user accounts, especially administrators, to mitigate potential credential compromise.", "Modify or disable the wp_dp_enquiry_agent_contact_form_submit_callback endpoint by adding an authentication check or replacing it with a secure alternative that requires a logged\u2011in user or CAPTCHA verification."], "summary": {"action": "Immediate Patch", "impact": "Authentication Bypass"}, "threat_synthesis": {"affected_systems": "The issue affects the Chimpstudio WP Directorybox Manager plugin for WordPress, version 2.5 and earlier. Site owners using any of these versions are at risk.", "description_and_impact": "The WP Directorybox Manager plugin contains a flaw in the wp_dp_enquiry_agent_contact_form_submit_callback function that allows an attacker to authenticate as any existing user by simply supplying a valid username. This weakness enables unauthorized access to site accounts and any privileges associated with them, including administrator rights if the target username is known. The vulnerability is a classic Authentication Bypass (CWE-288) and can lead to full control of the WordPress installation.", "risk_and_exploitability": "The CVSS v3.1 score of 9.8 indicates Critical severity. The EPSS score of less than 1% suggests current exploitation probability is low but not zero, so the threat is present but uncommon. The vulnerability is not listed in the CISA KEV catalog. Attacks would most likely originate from remote clients that can submit the vulnerable contact form, four steps: reach the form endpoint, provide a known username, trigger the callback, and obtain a valid authentication cookie. No special privileges or network access are required beyond being able to send an HTTP request."}}}}, "created": "2025-07-12T23:06:21.458047+00:00", "updated": "2026-04-28T03:45:20.283415+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}