{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-4105", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-04-29T23:43:47.744Z", "datePublished": "2025-05-21T09:21:50.660Z", "dateUpdated": "2026-04-08T16:57:34.197Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:57:34.197Z"}, "affected": [{"vendor": "splitit", "product": "Splitit", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "4.2.8", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Splitit plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on several functions in the 'splitIt-flexfields-payment-gateway.php' file in all versions up to, and including, 4.2.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change plugin settings, including changing the environment from sandbox to production and vice versa."}], "title": "Splitit <= 4.2.8 - Missing Authorization to Multiple Administrative Actions", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6471b075-8115-4d38-a7dd-2308dca69f15?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/splitit-installment-payments/tags/4.2.6/splitIt-flexfields-payment-gateway.php#L765"}, {"url": "https://plugins.trac.wordpress.org/browser/splitit-installment-payments/tags/4.2.6/splitIt-flexfields-payment-gateway.php#L1927"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3297893%40splitit-installment-payments&new=3297893%40splitit-installment-payments&sfp_email=&sfph_mail="}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Sushi Com Abacate"}], "timeline": [{"time": "2025-05-20T20:31:09.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-21T10:11:40.185753Z", "id": "CVE-2025-4105", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-21T10:16:39.665Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-4105", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-21T10:11:40.185753Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-21T10:11:45.582Z"}}], "cna": {"title": "Splitit <= 4.2.8 - Missing Authorization to Multiple Administrative Actions", "credits": [{"lang": "en", "type": "finder", "value": "Sushi Com Abacate"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"}}], "affected": [{"vendor": "splitit", "product": "Splitit", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "4.2.8"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-05-20T20:31:09.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6471b075-8115-4d38-a7dd-2308dca69f15?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/splitit-installment-payments/tags/4.2.6/splitIt-flexfields-payment-gateway.php#L765"}, {"url": "https://plugins.trac.wordpress.org/browser/splitit-installment-payments/tags/4.2.6/splitIt-flexfields-payment-gateway.php#L1927"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3297893%40splitit-installment-payments&new=3297893%40splitit-installment-payments&sfp_email=&sfph_mail="}], "descriptions": [{"lang": "en", "value": "The Splitit plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on several functions in the 'splitIt-flexfields-payment-gateway.php' file in all versions up to, and including, 4.2.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change plugin settings, including changing the environment from sandbox to production and vice versa."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:57:34.197Z"}}}, "cveMetadata": {"cveId": "CVE-2025-4105", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:57:34.197Z", "dateReserved": "2025-04-29T23:43:47.744Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-05-21T09:21:50.660Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Splitit plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on several functions in the 'splitIt-flexfields-payment-gateway.php' file in all versions up to, and including, 4.2.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change plugin settings, including changing the environment from sandbox to production and vice versa."}, {"lang": "es", "value": "El complemento Splitit para WordPress es vulnerable a la modificaci\u00f3n no autorizada de datos debido a la falta de comprobaciones de capacidad en varias funciones del archivo 'splitIt-flexfields-payment-gateway.php' en todas las versiones hasta la 4.2.8 incluida. Esto permite a atacantes autenticados, con acceso de suscriptor o superior, modificar la configuraci\u00f3n del complemento, incluyendo cambiar el entorno de la sandbox a producci\u00f3n y viceversa."}], "id": "CVE-2025-4105", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-05-21T12:16:22.473", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/splitit-installment-payments/tags/4.2.6/splitIt-flexfields-payment-gateway.php#L1927"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/splitit-installment-payments/tags/4.2.6/splitIt-flexfields-payment-gateway.php#L765"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3297893%40splitit-installment-payments&new=3297893%40splitit-installment-payments&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6471b075-8115-4d38-a7dd-2308dca69f15?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T01:31:25.091630+00:00", "value": {"mitigation_remediation": ["Upgrade the Splitit plugin to a version newer than 4.2.8 once an official fix is released.", "Configure WordPress user roles so that only Administrators have the capability to modify plugin settings, removing this permission from Subscriber and related roles.", "Verify the current payment environment setting, and implement a controlled approval process for any changes to ensure only authorized users can alter the configuration."], "summary": {"action": "Patch", "impact": "Unauthorized Modification of Plugin Settings"}, "threat_synthesis": {"affected_systems": "Affected systems are WordPress sites that have installed the Splitit installment\u2011payments plugin in a version 4.2.8 or earlier. The vulnerability resides in the plugin\u2019s splitIt-flexfields-payment-gateway.php file and can be leveraged by users possessing authenticated access with Subscriber-level or greater permissions.", "description_and_impact": "The Splitit plugin for WordPress contains missing capability checks within the splitIt-flexfields-payment-gateway.php file across all releases up to version 4.2.8. Authenticated users who hold the Subscriber role or any higher privilege can modify plugin configuration, for instance toggling the payment environment between sandbox and production, without proper authorization.", "risk_and_exploitability": "The CVSS score of 5.4 categorizes the flaw as moderate severity for unauthorized configuration changes. The EPSS rating of less than 1% indicates a very low exploitation likelihood. The vulnerability is not listed in CISA\u2019s KEV catalog. Exploitation requires the attacker to be authenticated on the site with at least Subscriber privileges, making it a privilege\u2011related configuration issue rather than a remote code execution vector."}}}}, "created": "2026-04-22T01:45:05.615956+00:00", "updated": "2026-04-22T01:45:05.615970+00:00", "vendors": []}