{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-3101", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-04-01T17:05:36.045Z", "datePublished": "2025-04-24T08:23:48.158Z", "dateUpdated": "2026-04-08T16:53:03.335Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:53:03.335Z"}, "affected": [{"vendor": "wp-configurator", "product": "Configurator Theme Core", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.4.7", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Configurator Theme Core plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.4.7. This is due to the plugin not properly validating user meta fields prior to updating them in the database. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change escalate their privileges to Administrator."}], "title": "Configurator Theme Core <= 1.4.7 - Authenticated (Subscriber+) Privilege Escalation", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/535aa061-479f-415e-bee6-3151c42b917e?source=cve"}, {"url": "https://themeforest.net/item/configurator-woocommerce-wordpress-theme/20474230"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-269 Improper Privilege Management", "cweId": "CWE-269", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Tonn"}], "timeline": [{"time": "2025-04-23T19:36:21.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-24T13:39:54.697513Z", "id": "CVE-2025-3101", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-24T15:22:51.170Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-3101", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-24T13:39:54.697513Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-24T13:48:16.680Z"}}], "cna": {"title": "Configurator Theme Core <= 1.4.7 - Authenticated (Subscriber+) Privilege Escalation", "credits": [{"lang": "en", "type": "finder", "value": "Tonn"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "wp-configurator", "product": "Configurator Theme Core", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "1.4.7"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-04-23T19:36:21.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/535aa061-479f-415e-bee6-3151c42b917e?source=cve"}, {"url": "https://themeforest.net/item/configurator-woocommerce-wordpress-theme/20474230"}], "descriptions": [{"lang": "en", "value": "The Configurator Theme Core plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.4.7. This is due to the plugin not properly validating user meta fields prior to updating them in the database. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change escalate their privileges to Administrator."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-04-24T08:23:48.158Z"}}}, "cveMetadata": {"cveId": "CVE-2025-3101", "state": "PUBLISHED", "dateUpdated": "2025-04-24T15:22:51.170Z", "dateReserved": "2025-04-01T17:05:36.045Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-04-24T08:23:48.158Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Configurator Theme Core plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.4.7. This is due to the plugin not properly validating user meta fields prior to updating them in the database. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change escalate their privileges to Administrator."}, {"lang": "es", "value": "El complemento Configurator Theme Core para WordPress es vulnerable a la escalada de privilegios en todas las versiones hasta la 1.4.7 incluida. Esto se debe a que el complemento no valida correctamente los metacampos del usuario antes de actualizarlos en la base de datos. Esto permite que atacantes autenticados, con acceso de suscriptor o superior, escalen sus privilegios a administrador."}], "id": "CVE-2025-3101", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-04-24T09:15:30.843", "references": [{"source": "security@wordfence.com", "url": "https://themeforest.net/item/configurator-woocommerce-wordpress-theme/20474230"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/535aa061-479f-415e-bee6-3151c42b917e?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T01:41:26.444973+00:00", "value": {"mitigation_remediation": ["Disable or remove the Configurator Theme Core plugin if it is not required, and keep it inactive until a vendor\u2011provided fix is available.", "Verify that Subscriber accounts do not possess capabilities to modify user meta or elevate privileges; revoke any such capabilities if they exist.", "Implement regular monitoring of user meta changes and review audit logs to detect unauthorized privilege escalations."], "summary": {"action": "Patch Now", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "WordPress sites that have the wp-configurator:Configurator Theme Core plugin installed with any version up to and including 1.4.7. The vulnerability affects all users who have Subscriber\u2011level access or higher, regardless of the site\u2019s specific configuration or role definitions.", "description_and_impact": "The Configurator Theme Core plugin for WordPress is vulnerable to privilege escalation because the plugin does not correctly validate user meta fields before updating them in the database. This flaw is a classic case of CWE-269, where an attacker is able to write data they should not be permitted to write, elevating their permissions. As a result, an authenticated user with the minimum Subscriber role or higher can modify stored user meta to acquire Administrator\u2011level access, undermining the integrity of the site\u2019s access controls.", "risk_and_exploitability": "The CVSS score of 8.8 indicates a high severity assessment. The EPSS score of less than 1% suggests that, as of the latest data, exploitation is not currently common, but the vulnerability remains a significant risk because it requires only an existing authenticated account and no special network access. The vulnerability is not listed in CISA\u2019s KEV catalog, so it has not been observed in widespread exploitation campaigns. The likely attack vector is an authenticated, subscriber\u2011level user who can trigger the plugin\u2019s user metadata update mechanisms, allowing them to inject elevated authority credentials directly into the database."}}}}, "created": "2026-04-22T01:45:05.624914+00:00", "updated": "2026-04-22T01:45:05.624925+00:00", "vendors": []}