{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-2238", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-03-11T23:50:47.122Z", "datePublished": "2025-04-25T06:45:28.836Z", "dateUpdated": "2026-04-08T17:11:41.212Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:11:41.212Z"}, "affected": [{"vendor": "Odin_Design", "product": "Vikinger", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.9.30", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Vikinger theme for WordPress is vulnerable to privilege in all versions up to, and including, 1.9.30. This is due to insufficient user_meta restrictions in the 'vikinger_user_meta_update_ajax' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to escalate their privileges to Administrator-level."}], "title": "Vikinger <= 1.9.30 - Authenticated (Subscriber+) Privilege Escalation via 'vikinger_user_meta_update_ajax'", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9e0cba5b-5833-4c02-ac17-830994b0f207?source=cve"}, {"url": "https://themeforest.net/item/vikinger-buddypress-and-gamipress-social-community/28612259"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-269 Improper Privilege Management", "cweId": "CWE-269", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Tonn"}], "timeline": [{"time": "2025-04-24T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-25T15:38:49.097982Z", "id": "CVE-2025-2238", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-25T16:01:45.691Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-2238", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-25T15:38:49.097982Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-25T15:38:50.453Z"}}], "cna": {"title": "Vikinger <= 1.9.30 - Authenticated (Subscriber+) Privilege Escalation via 'vikinger_user_meta_update_ajax'", "credits": [{"lang": "en", "type": "finder", "value": "Tonn"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "Odin_Design", "product": "Vikinger", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "1.9.30"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-04-24T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9e0cba5b-5833-4c02-ac17-830994b0f207?source=cve"}, {"url": "https://themeforest.net/item/vikinger-buddypress-and-gamipress-social-community/28612259"}], "descriptions": [{"lang": "en", "value": "The Vikinger theme for WordPress is vulnerable to privilege in all versions up to, and including, 1.9.30. This is due to insufficient user_meta restrictions in the 'vikinger_user_meta_update_ajax' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to escalate their privileges to Administrator-level."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-04-25T06:45:28.836Z"}}}, "cveMetadata": {"cveId": "CVE-2025-2238", "state": "PUBLISHED", "dateUpdated": "2025-04-25T16:01:45.691Z", "dateReserved": "2025-03-11T23:50:47.122Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-04-25T06:45:28.836Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Vikinger theme for WordPress is vulnerable to privilege in all versions up to, and including, 1.9.30. This is due to insufficient user_meta restrictions in the 'vikinger_user_meta_update_ajax' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to escalate their privileges to Administrator-level."}, {"lang": "es", "value": "El tema Vikinger para WordPress es vulnerable a la p\u00e9rdida de privilegios en todas las versiones hasta la 1.9.30 incluida. Esto se debe a restricciones user_meta insuficientes en la funci\u00f3n 'vikinger_user_meta_update_ajax'. Esto permite que atacantes autenticados, con acceso de suscriptor o superior, escalen sus privilegios al nivel de administrador."}], "id": "CVE-2025-2238", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-04-25T07:15:47.523", "references": [{"source": "security@wordfence.com", "url": "https://themeforest.net/item/vikinger-buddypress-and-gamipress-social-community/28612259"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9e0cba5b-5833-4c02-ac17-830994b0f207?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T01:38:56.252835+00:00", "value": {"mitigation_remediation": ["Update the Vikinger theme to a version newer than 1.9.30 that contains the fix for the ajax handler.", "If a quick theme upgrade is not possible, modify or disable the vikinger_user_meta_update_ajax handler so that only users with Administrator capability can execute it. This can be achieved by adding an access check that rejects non-admin requests.", "Deploy a web application firewall rule that blocks or alerts on calls to the vikinger_user_meta_update_ajax endpoint from roles below Administrator to mitigate the risk while a patch is applied."], "summary": {"action": "Patch Now", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "Vendors: Odin_Design. Product: Vikinger theme for WordPress. Versions affected: all releases up to and including 1.9.30. Users running these versions may be vulnerable if an attacker can authenticate as a Subscriber or higher role.", "description_and_impact": "The Vikinger WordPress theme contains a flaw in the vikinger_user_meta_update_ajax function that fails to properly restrict user meta updates, which is a vulnerability classified as CWE\u2011269 (Privilege Validation Required). As a result, any authenticated user with Subscriber level access or higher can bypass normal role checks and gain Administrator privileges. This elevation can lead to complete control over the site, including the ability to install plugins, alter settings, and access sensitive information.", "risk_and_exploitability": "The CVSS score of 8.8 indicates a high severity exposure, while an EPSS score of <1% suggests low current exploitation probability. The vulnerability is not listed in the CISA KEV catalog. Attackers need only valid user credentials with Subscriber or higher role to trigger the exploit, making it an authenticated privilege escalation rather than a remote code execution."}}}}, "created": "2025-07-12T22:44:57.124196+00:00", "updated": "2026-04-22T01:45:05.622092+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}