{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-3793", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-04-18T10:14:40.302Z", "datePublished": "2025-04-24T08:23:52.234Z", "dateUpdated": "2026-04-08T17:29:20.030Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:29:20.030Z"}, "affected": [{"vendor": "lamarant", "product": "Buddypress Force Password Change", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "0.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Buddypress Force Password Change plugin for WordPress is vulnerable to authenticated account takeover due to the plugin not properly validating a user's identity prior to updating their password through the 'bp_force_password_ajax' function in all versions up to, and including, 0.1. This makes it possible for authenticated attackers, with subscriber-level access and above and under certain prerequisites, to change arbitrary user's passwords, including administrators, and leverage that to gain access to their accounts."}], "title": "Buddypress Force Password Change <= 0.1 - Authenticated (Subscriber+) Account Takeover via Password Update", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e3048c4c-77b1-4778-a5d0-b532df777d06?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/buddy-press-force-password-change/trunk/bp-force-password-change.php#L93"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-620 Unverified Password Change", "cweId": "CWE-620", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "baseScore": 4.2, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Kenneth Dunn"}], "timeline": [{"time": "2025-04-11T00:00:00.000Z", "lang": "en", "value": "Discovered"}, {"time": "2025-04-23T19:45:59.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-24T12:52:59.588989Z", "id": "CVE-2025-3793", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-24T13:06:26.570Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-3793", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-24T12:52:59.588989Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-24T13:04:06.662Z"}}], "cna": {"title": "Buddypress Force Password Change <= 0.1 - Authenticated (Subscriber+) Account Takeover via Password Update", "credits": [{"lang": "en", "type": "finder", "value": "Kenneth Dunn"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.2, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"}}], "affected": [{"vendor": "lamarant", "product": "Buddypress Force Password Change", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "0.1"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-04-11T00:00:00.000Z", "value": "Discovered"}, {"lang": "en", "time": "2025-04-23T19:45:59.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e3048c4c-77b1-4778-a5d0-b532df777d06?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/buddy-press-force-password-change/trunk/bp-force-password-change.php#L93"}], "descriptions": [{"lang": "en", "value": "The Buddypress Force Password Change plugin for WordPress is vulnerable to authenticated account takeover due to the plugin not properly validating a user's identity prior to updating their password through the 'bp_force_password_ajax' function in all versions up to, and including, 0.1. This makes it possible for authenticated attackers, with subscriber-level access and above and under certain prerequisites, to change arbitrary user's passwords, including administrators, and leverage that to gain access to their accounts."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-620", "description": "CWE-620 Unverified Password Change"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-04-24T08:23:52.234Z"}}}, "cveMetadata": {"cveId": "CVE-2025-3793", "state": "PUBLISHED", "dateUpdated": "2025-04-24T13:06:26.570Z", "dateReserved": "2025-04-18T10:14:40.302Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-04-24T08:23:52.234Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Buddypress Force Password Change plugin for WordPress is vulnerable to authenticated account takeover due to the plugin not properly validating a user's identity prior to updating their password through the 'bp_force_password_ajax' function in all versions up to, and including, 0.1. This makes it possible for authenticated attackers, with subscriber-level access and above and under certain prerequisites, to change arbitrary user's passwords, including administrators, and leverage that to gain access to their accounts."}, {"lang": "es", "value": "El complemento Buddypress Force Password Change para WordPress es vulnerable a la usurpaci\u00f3n de cuentas autenticadas debido a que no valida correctamente la identidad del usuario antes de actualizar su contrase\u00f1a mediante la funci\u00f3n 'bp_force_password_ajax' en todas las versiones hasta la 0.1 incluida. Esto permite a atacantes autenticados, con acceso de suscriptor o superior, y bajo ciertos requisitos, cambiar las contrase\u00f1as de usuarios arbitrarios, incluyendo las de administradores, y aprovecharse de ello para acceder a sus cuentas."}], "id": "CVE-2025-3793", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 2.5, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-04-24T09:15:32.077", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/buddy-press-force-password-change/trunk/bp-force-password-change.php#L93"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e3048c4c-77b1-4778-a5d0-b532df777d06?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-620"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T23:09:21.519988+00:00", "value": {"mitigation_remediation": ["Update the Buddypress Force Password Change plugin to the latest version that enforces proper identity checks or uninstall the plugin if no update is available.", "Restrict the subscriber role or modify the plugin to allow password changes only for administrators or higher\u2011privileged users as a temporary workaround.", "Disable the bp_force_password_ajax endpoint by adding custom code to functions.php or using a security plugin to block that AJAX URI."], "summary": {"action": "Update Plugin", "impact": "Account Takeover"}, "threat_synthesis": {"affected_systems": "Lamarant\u2019s Buddypress Force Password Change plugin for WordPress, any version up to and including 0.1 is affected. The vulnerability exists in the plugin code that processes password updates and does not check that the requester is the target account or an administrator.", "description_and_impact": "The Buddypress Force Password Change plugin for WordPress is vulnerable because it does not properly validate the identity of the user before updating a password via the bp_force_password_ajax function. An authenticated attacker who has at least subscriber\u2011level access can call this AJAX endpoint and change the password of any user, including administrators, thereby gaining control of those accounts. The core weakness is a CWE\u2011620 type flaw that erodes the authentication boundary between requestor and target.", "risk_and_exploitability": "With a CVSS score of 4.2 the severity is low, and the EPSS score of less than 1% indicates a very low likelihood of exploitation. The vulnerability is not listed in CISA\u2019s KEV catalog. However, because it requires only an authenticated user with subscriber\u2011level role\u2014which is a common role on many WordPress sites\u2014an attacker could readily target any site that installs this plugin until a patch is applied. The attack vector is an authenticated AJAX call, so no special network privileges are needed beyond legitimate account access."}}}}, "created": "2026-04-20T23:15:06.307723+00:00", "updated": "2026-04-20T23:15:06.307733+00:00", "vendors": []}