{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-3105", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-04-01T22:33:18.158Z", "datePublished": "2025-04-04T07:27:41.997Z", "dateUpdated": "2026-04-08T16:34:52.481Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:34:52.481Z"}, "affected": [{"vendor": "TangibleWP", "product": "Vehica Core", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.0.97", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Vehica Core plugin for WordPress, used by the Vehica - Car Dealer & Listing WordPress Theme, is vulnerable to privilege escalation in all versions up to, and including, 1.0.97. This is due to the plugin not properly validating user meta fields prior to updating them in the database. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change escalate their privileges to Administrator."}], "title": "Vehica Core <= 1.0.97 - Authenticated (Subscriber+) Privilege Escalation", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0b787d6f-d002-4f09-8336-ebb91321e20b?source=cve"}, {"url": "https://support.vehica.com/support/solutions/articles/101000393710"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-269 Improper Privilege Management", "cweId": "CWE-269", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Alyudin Nafiie"}], "timeline": [{"time": "2025-04-03T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-04T13:15:04.621256Z", "id": "CVE-2025-3105", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-04T13:15:56.126Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-3105", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-04T13:15:04.621256Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-04T13:15:51.433Z"}}], "cna": {"title": "Vehica Core <= 1.0.97 - Authenticated (Subscriber+) Privilege Escalation", "credits": [{"lang": "en", "type": "finder", "value": "Alyudin Nafiie"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "TangibleWP", "product": "Vehica Core", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "1.0.97"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-04-03T00:00:00.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0b787d6f-d002-4f09-8336-ebb91321e20b?source=cve"}, {"url": "https://support.vehica.com/support/solutions/articles/101000393710"}], "descriptions": [{"lang": "en", "value": "The Vehica Core plugin for WordPress, used by the Vehica - Car Dealer & Listing WordPress Theme, is vulnerable to privilege escalation in all versions up to, and including, 1.0.97. This is due to the plugin not properly validating user meta fields prior to updating them in the database. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change escalate their privileges to Administrator."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-04-04T07:27:41.997Z"}}}, "cveMetadata": {"cveId": "CVE-2025-3105", "state": "PUBLISHED", "dateUpdated": "2025-04-04T13:15:56.126Z", "dateReserved": "2025-04-01T22:33:18.158Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-04-04T07:27:41.997Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Vehica Core plugin for WordPress, used by the Vehica - Car Dealer & Listing WordPress Theme, is vulnerable to privilege escalation in all versions up to, and including, 1.0.97. This is due to the plugin not properly validating user meta fields prior to updating them in the database. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change escalate their privileges to Administrator."}, {"lang": "es", "value": "El complemento Vehica Core para WordPress, utilizado por el tema Vehica - Car Dealer &amp; Listing para WordPress, es vulnerable a la escalada de privilegios en todas las versiones hasta la 1.0.97 incluida. Esto se debe a que el complemento o valida correctamente los metacampos del usuario antes de actualizarlos en la base de datos. Esto permite que atacantes autenticados, con acceso de suscriptor o superior, escalen sus privilegios a administrador."}], "id": "CVE-2025-3105", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-04-04T08:15:14.190", "references": [{"source": "security@wordfence.com", "url": "https://support.vehica.com/support/solutions/articles/101000393710"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0b787d6f-d002-4f09-8336-ebb91321e20b?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T17:38:15.673414+00:00", "value": {"mitigation_remediation": ["Update Vehica Core to version 1.0.98 or later to eliminate the privilege escalation flaw.", "If an immediate update is not possible, remove or restrict the ability of Subscriber-level users to edit user meta fields, for example by applying a role\u2011management plugin that limits this capability.", "Conduct a review of existing user accounts and metadata to ensure no unintended privilege changes have been made, and enforce least\u2011privilege practices for role assignments."], "summary": {"action": "Immediate Patch", "impact": "Privilege Escalation to Administrator"}, "threat_synthesis": {"affected_systems": "TangibleWP\u2019s Vehica Core plugin, versions up to and including 1.0.97, is affected. The plugin is used in conjunction with the Vehica \u2013 Car Dealer & Listing WordPress Theme, and any site deploying these components under the identified versions is at risk.", "description_and_impact": "The vulnerability in the Vehica Core plugin allows an authenticated user with Subscriber-level access to alter user meta fields that are not properly validated before database updates. This flaw enables such a user to elevate their privileges to Administrator, gaining full control over the WordPress site. The weakness is classified as CWE-269, an improper privilege escalation flaw.", "risk_and_exploitability": "The CVSS score of 8.8 indicates a high severity vulnerability, but the EPSS score of less than 1% suggests a low likelihood of exploitation under current conditions. The vulnerability is not listed in the CISA KEV catalog. Attacks would require an authenticated user already possessing Subscriber privileges or higher, after which the improper validation of user meta fields would be exploited to gain Administrator rights."}}}}, "created": "2026-04-22T17:45:22.922787+00:00", "updated": "2026-04-22T17:45:22.922799+00:00", "vendors": []}