{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-10742", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-09-19T18:39:16.715Z", "datePublished": "2025-10-16T06:47:29.826Z", "dateUpdated": "2026-04-08T17:13:26.336Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:13:26.336Z"}, "affected": [{"vendor": "dreamstechnologies", "product": "Truelysell Core", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.8.6", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Truelysell Core plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.8.6. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unauthenticated attackers to change user passwords and potentially take over administrator accounts. Note: This can only be exploited unauthenticated if the attacker knows which page contains the 'truelysell_edit_staff' shortcode."}], "title": "Truelysell Core <= 1.8.6 - Unauthenticated Arbitrary User Password Change", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a636e865-9556-4afb-8726-4537a160f379?source=cve"}, {"url": "https://themeforest.net/item/truelysell-service-booking-wordpress-theme/43398124"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-639 Authorization Bypass Through User-Controlled Key", "cweId": "CWE-639", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}], "credits": [{"lang": "en", "type": "finder", "value": "Istv\u00e1n M\u00e1rton"}], "timeline": [{"time": "2025-09-19T00:00:00.000Z", "lang": "en", "value": "Discovered"}, {"time": "2025-11-17T19:17:14.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2025-10-15T17:59:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-16T13:32:19.976617Z", "id": "CVE-2025-10742", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-16T15:37:17.180Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-10742", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-10-16T13:32:19.976617Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-16T13:32:21.667Z"}}], "cna": {"title": "Truelysell Core <= 1.8.6 - Unauthenticated Arbitrary User Password Change", "credits": [{"lang": "en", "type": "finder", "value": "Istv\u00e1n M\u00e1rton"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "dreamstechnologies", "product": "Truelysell Core", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "1.8.6"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-09-19T00:00:00.000Z", "value": "Discovered"}, {"lang": "en", "time": "2025-10-15T17:59:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a636e865-9556-4afb-8726-4537a160f379?source=cve"}, {"url": "https://themeforest.net/item/truelysell-service-booking-wordpress-theme/43398124"}], "descriptions": [{"lang": "en", "value": "The Truelysell Core plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.8.6. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unauthenticated attackers to change user passwords and potentially take over administrator accounts. Note: This can only be exploited unauthenticated if the attacker knows which page contains the 'truelysell_edit_staff' shortcode."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-639", "description": "CWE-639 Authorization Bypass Through User-Controlled Key"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-10-16T06:47:29.826Z"}}}, "cveMetadata": {"cveId": "CVE-2025-10742", "state": "PUBLISHED", "dateUpdated": "2025-10-16T15:37:17.180Z", "dateReserved": "2025-09-19T18:39:16.715Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-10-16T06:47:29.826Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Truelysell Core plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.8.6. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unauthenticated attackers to change user passwords and potentially take over administrator accounts. Note: This can only be exploited unauthenticated if the attacker knows which page contains the 'truelysell_edit_staff' shortcode."}], "id": "CVE-2025-10742", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-10-16T07:15:32.517", "references": [{"source": "security@wordfence.com", "url": "https://themeforest.net/item/truelysell-service-booking-wordpress-theme/43398124"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a636e865-9556-4afb-8726-4537a160f379?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T02:16:10.944661+00:00", "value": {"mitigation_remediation": ["Update the Truelysell Core plugin to the latest available version, which removes the unauthenticated password change flaw.", "If an upgrade cannot be performed immediately, remove or restrict the truelysell_edit_staff shortcode so that only authenticated administrators can access the page that triggers the password change.", "Review WordPress authentication logs for unexpected password\u2011reset actions and monitor for potential account takeovers."], "summary": {"action": "Immediate Patch", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "The vulnerability exists in the Truelysell Core WordPress plugin from dreamstechnologies for all releases up to and including version 1.8.6. Only those installations running 1.8.6 or earlier are affected.", "description_and_impact": "The plugin allows unauthenticated users to change any user's password because it gives user\u2011controlled access to protected objects, effectively bypassing authorization. If an attacker can reach the page that contains the truelysell_edit_staff shortcode, they can perform a password reset for any account, including administrators, thereby taking over the site. This is a high\u2011impact flaw that compromises confidentiality, integrity, and availability of the WordPress site via credential takeover.", "risk_and_exploitability": "The CVSS score of 9.8 marks this flaw as critical, while the EPSS score of less than 1% indicates that exploitation is currently not widely observed. The flaw is not listed in the CISA KEV catalog. Attackers could exploit it unauthenticated over the Web by accessing the vulnerable shortcode page, so any web\u2011connected site that has the plugin installed and the shortcode exposed is a potential target. Because the change can be performed by anyone who can reach the page and the password can be set to any value, the risk of credential compromise and full administrative takeover is very high."}}}}, "created": "2025-10-20T13:25:21.392183+00:00", "updated": "2026-04-21T02:30:25.818592+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}