{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-3776", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-04-17T17:19:49.099Z", "datePublished": "2025-04-24T08:23:52.626Z", "dateUpdated": "2026-04-08T17:31:31.207Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:31:31.207Z"}, "affected": [{"vendor": "cajka", "product": "Verification SMS with TargetSMS", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.5", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Verification SMS with TargetSMS plugin for WordPress is vulnerable to limited Remote Code Execution in all versions up to, and including, 1.5 via the 'targetvr_ajax_handler' function. This is due to a lack of validation on the type of function that can be called. This makes it possible for unauthenticated attackers to execute any callable function on the site, such as phpinfo()."}], "title": "Verification SMS with TargetSMS <= 1.5 - Unauthenticated Limited Remote Code Execution", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ed08d248-7467-4a3b-91a2-4286d91b9c50?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/verification-sms-targetsms/trunk/inc/ajax.php#L7"}, {"url": "https://plugins.trac.wordpress.org/browser/verification-sms-targetsms/trunk/inc/ajax.php#L9"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')", "cweId": "CWE-94", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", "baseScore": 8.3, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Cheng Liu"}], "timeline": [{"time": "2025-04-23T19:47:36.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-24T12:52:53.808595Z", "id": "CVE-2025-3776", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-24T13:06:21.124Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-3776", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-24T12:52:53.808595Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-24T13:04:05.257Z"}}], "cna": {"title": "Verification SMS with TargetSMS <= 1.5 - Unauthenticated Limited Remote Code Execution", "credits": [{"lang": "en", "type": "finder", "value": "Cheng Liu"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L"}}], "affected": [{"vendor": "cajka", "product": "Verification SMS with TargetSMS", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "1.5"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-04-23T19:47:36.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ed08d248-7467-4a3b-91a2-4286d91b9c50?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/verification-sms-targetsms/trunk/inc/ajax.php#L7"}, {"url": "https://plugins.trac.wordpress.org/browser/verification-sms-targetsms/trunk/inc/ajax.php#L9"}], "descriptions": [{"lang": "en", "value": "The Verification SMS with TargetSMS plugin for WordPress is vulnerable to limited Remote Code Execution in all versions up to, and including, 1.5 via the 'targetvr_ajax_handler' function. This is due to a lack of validation on the type of function that can be called. This makes it possible for unauthenticated attackers to execute any callable function on the site, such as phpinfo()."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-04-24T08:23:52.626Z"}}}, "cveMetadata": {"cveId": "CVE-2025-3776", "state": "PUBLISHED", "dateUpdated": "2025-04-24T13:06:21.124Z", "dateReserved": "2025-04-17T17:19:49.099Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-04-24T08:23:52.626Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Verification SMS with TargetSMS plugin for WordPress is vulnerable to limited Remote Code Execution in all versions up to, and including, 1.5 via the 'targetvr_ajax_handler' function. This is due to a lack of validation on the type of function that can be called. This makes it possible for unauthenticated attackers to execute any callable function on the site, such as phpinfo()."}, {"lang": "es", "value": "El complemento Verification SMS with TargetSMS para WordPress es vulnerable a la ejecuci\u00f3n remota de c\u00f3digo (RCE) limitada en todas las versiones hasta la 1.5 incluida, a trav\u00e9s de la funci\u00f3n \u00abtargetvr_ajax_handler\u00bb. Esto se debe a la falta de validaci\u00f3n del tipo de funci\u00f3n que se puede llamar. Esto permite que atacantes no autenticados ejecuten cualquier funci\u00f3n invocable en el sitio, como phpinfo()."}], "id": "CVE-2025-3776", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.7, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-04-24T09:15:31.890", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/verification-sms-targetsms/trunk/inc/ajax.php#L7"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/verification-sms-targetsms/trunk/inc/ajax.php#L9"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ed08d248-7467-4a3b-91a2-4286d91b9c50?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T21:10:05.339820+00:00", "value": {"mitigation_remediation": ["Update the Verification SMS with TargetSMS plugin to the latest available version, or apply any vendor-provided patch that addresses the callable function validation issue.", "If an immediate upgrade is not possible, disable the 'targetvr_ajax_handler' endpoint or restrict it so that only authenticated users can invoke it, for example by adding an authentication check or by configuring .htaccess or a firewall rule to block external access to the AJAX URL.", "Implement a web application firewall rule that blocks or limits requests to the AJAX endpoint containing arbitrary function names or detect and reject suspicious payloads to mitigate the risk while a permanent fix is applied."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "All instances of the Verification SMS with TargetSMS plugin released by cajka, with affected versions up to and including 1.5. No later versions are mentioned in the data, so the risk applies to every release until 1.5.", "description_and_impact": "The Verification SMS with TargetSMS plugin for WordPress contains a failure to properly validate the type of function that can be invoked through the 'targetvr_ajax_handler' endpoint. As a result, unauthenticated attackers can supply an arbitrary callable and cause the server to execute any PHP function, including sensitive functions such as phpinfo(). This vulnerability permits the attacker to run code directly on the site, potentially exposing server details, reading files, or escalating privileges if additional weaknesses exist.", "risk_and_exploitability": "The CVSS score of 8.3 indicates a high severity, and the EPSS score of less than 1% suggests a very low exploitation probability at the time of analysis, although the feature is exploitable by any visitor. The vulnerability is not listed in the CISA KEV catalog. Considering the description, the likely attack vector is a remote HTTP request to the AJAX handler with parameters crafted to call a malicious function; this does not require authentication."}}}}, "created": "2026-04-21T21:15:45.449599+00:00", "updated": "2026-04-21T21:15:45.449611+00:00", "vendors": []}