{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-3810", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-04-18T18:08:49.740Z", "datePublished": "2025-05-09T01:42:34.585Z", "dateUpdated": "2026-04-08T16:53:25.522Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:53:25.522Z"}, "affected": [{"vendor": "iqonicdesign", "product": "WPBookit", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.0.2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.2. This is due to the plugin not properly validating a user's identity prior to updating their details like password and email through the edit_profile_data() function. This makes it possible for unauthenticated attackers to change arbitrary user's email addresses and passwords, including administrators, and leverage that to gain access to their account."}], "title": "WPBookit <= 1.0.2 - Insecure Direct Object Reference to Unauthenticated Privilege Escalation via Account Takeover", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/54f1ebfb-67f1-461d-91f1-269b0a2c0653?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset/3278939/wpbookit/trunk/core/admin/classes/controllers/class.wpb-profile-controller.php"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-639 Authorization Bypass Through User-Controlled Key", "cweId": "CWE-639", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}], "credits": [{"lang": "en", "type": "finder", "value": "Kenneth Dunn"}], "timeline": [{"time": "2025-05-08T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-09T03:42:32.194940Z", "id": "CVE-2025-3810", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-09T03:42:51.691Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-3810", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-05-09T03:42:32.194940Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-09T03:42:47.308Z"}}], "cna": {"title": "WPBookit <= 1.0.2 - Insecure Direct Object Reference to Unauthenticated Privilege Escalation via Account Takeover", "credits": [{"lang": "en", "type": "finder", "value": "Kenneth Dunn"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "iqonicdesign", "product": "WPBookit", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.0.2"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-05-08T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/54f1ebfb-67f1-461d-91f1-269b0a2c0653?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset/3278939/wpbookit/trunk/core/admin/classes/controllers/class.wpb-profile-controller.php"}], "descriptions": [{"lang": "en", "value": "The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.2. This is due to the plugin not properly validating a user's identity prior to updating their details like password and email through the edit_profile_data() function. This makes it possible for unauthenticated attackers to change arbitrary user's email addresses and passwords, including administrators, and leverage that to gain access to their account."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-639", "description": "CWE-639 Authorization Bypass Through User-Controlled Key"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:53:25.522Z"}}}, "cveMetadata": {"cveId": "CVE-2025-3810", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:53:25.522Z", "dateReserved": "2025-04-18T18:08:49.740Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-05-09T01:42:34.585Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:iqonic:wpbookit:*:*:*:*:free:wordpress:*:*", "matchCriteriaId": "60D737B6-6693-4BD8-993F-42F8182A0466", "versionEndExcluding": "1.0.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.2. This is due to the plugin not properly validating a user's identity prior to updating their details like password and email through the edit_profile_data() function. This makes it possible for unauthenticated attackers to change arbitrary user's email addresses and passwords, including administrators, and leverage that to gain access to their account."}, {"lang": "es", "value": "El complemento PBookit para WordPress es vulnerable a la escalada de privilegios mediante robo de cuenta en todas las versiones hasta la 1.0.2 incluida. Esto se debe a que el complemento no valida correctamente la identidad del usuario antes de actualizar sus datos, como la contrase\u00f1a y el correo electr\u00f3nico, mediante la funci\u00f3n edit_profile_data(). Esto permite que atacantes no autenticados cambien las direcciones de correo electr\u00f3nico y las contrase\u00f1as de usuarios arbitrarios, incluidos los administradores, y aprovechen esta situaci\u00f3n para acceder a sus cuentas."}], "id": "CVE-2025-3810", "lastModified": "2025-06-27T17:39:17.577", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Primary"}]}, "published": "2025-05-09T03:15:24.150", "references": [{"source": "security@wordfence.com", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset/3278939/wpbookit/trunk/core/admin/classes/controllers/class.wpb-profile-controller.php"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/54f1ebfb-67f1-461d-91f1-269b0a2c0653?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "security@wordfence.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T01:34:35.891413+00:00", "value": {"mitigation_remediation": ["Apply the latest version of WPBookit (greater than 1.0.2) to remove the unverified profile update functionality.", "If upgrading is not immediately possible, disable or uninstall the WPBookit plugin to eliminate the attack surface.", "Review user accounts for suspicious changes and reset any compromised passwords or email addresses."], "summary": {"action": "Immediate Patch", "impact": "Privilege escalation via account takeover"}, "threat_synthesis": {"affected_systems": "All installations of the WPBookit plugin from any version through 1.0.2, distributed by iqonicdesign and including the free WordPress edition, are affected regardless of other WordPress components or hosting environments. Any WordPress site that has loaded this plugin is impacted.", "description_and_impact": "The WPBookit WordPress plugin up to version 1.0.2 contains an insecure direct object reference that allows an unauthenticated attacker to influence the edit_profile_data() routine. Because the plugin fails to verify the identity of the requesting user before applying changes to a profile, an attacker can modify any user\u2019s email address or password, including those of administrators. This flaw enables full account takeover and thus elevates the attacker\u2019s privileges across the site.", "risk_and_exploitability": "The vulnerability carries a CVSS score of 9.8, indicating critical severity. The EPSS score is below 1\u202f%, suggesting exploitation attempts are currently rare but still plausible. It is not currently listed in the CISA KEV catalog. Attackers can exploit this flaw remotely from any network location with internet access to the WordPress site, without needing prior authentication. The path requires only an HTTP request that triggers the edit_profile_data() method, which is publicly accessible. The lack of authentication and authorization checks makes the attack straightforward once the endpoint is identified."}}}}, "created": "2026-04-22T01:45:05.619939+00:00", "updated": "2026-04-22T01:45:05.619950+00:00", "vendors": []}