{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-4335", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-05-05T15:32:04.904Z", "datePublished": "2025-05-07T01:43:08.149Z", "dateUpdated": "2026-04-08T17:10:08.415Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:10:08.415Z"}, "affected": [{"vendor": "n3wnormal", "product": "Woocommerce Multiple Addresses", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.0.7.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Woocommerce Multiple Addresses plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.7.1. This is due to insufficient restrictions on user meta that can be updated through the save_multiple_shipping_addresses() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator."}], "title": "Woocommerce Multiple Addresses <= 1.0.7.1 - Authenticated (Subscriber+) Privilege Escalation", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/95e74e70-9dc9-4e63-b371-fd2a38692907?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/woocommerce-multiple-addresses/trunk/class-woocommerce-multiple-addresses.php#L522"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-269 Improper Privilege Management", "cweId": "CWE-269", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Cheng Liu"}], "timeline": [{"time": "2025-05-06T13:28:35.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-07T13:46:15.887563Z", "id": "CVE-2025-4335", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-07T14:03:12.337Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-4335", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-05-07T13:46:15.887563Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-07T13:46:17.854Z"}}], "cna": {"title": "Woocommerce Multiple Addresses <= 1.0.7.1 - Authenticated (Subscriber+) Privilege Escalation", "credits": [{"lang": "en", "type": "finder", "value": "Cheng Liu"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "n3wnormal", "product": "Woocommerce Multiple Addresses", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.0.7.1"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-05-06T13:28:35.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/95e74e70-9dc9-4e63-b371-fd2a38692907?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/woocommerce-multiple-addresses/trunk/class-woocommerce-multiple-addresses.php#L522"}], "descriptions": [{"lang": "en", "value": "The Woocommerce Multiple Addresses plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.7.1. This is due to insufficient restrictions on user meta that can be updated through the save_multiple_shipping_addresses() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:10:08.415Z"}}}, "cveMetadata": {"cveId": "CVE-2025-4335", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:10:08.415Z", "dateReserved": "2025-05-05T15:32:04.904Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-05-07T01:43:08.149Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Woocommerce Multiple Addresses plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.7.1. This is due to insufficient restrictions on user meta that can be updated through the save_multiple_shipping_addresses() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator."}, {"lang": "es", "value": "El complemento WooCommerce Multiple Addresses para WordPress es vulnerable a la escalada de privilegios en todas las versiones hasta la 1.0.7.1 incluida. Esto se debe a restricciones insuficientes en los metadatos de usuario, que se pueden actualizar mediante la funci\u00f3n save_multiple_shipping_addresses(). Esto permite que atacantes autenticados, con acceso de suscriptor o superior, eleven sus privilegios a los de administrador."}], "id": "CVE-2025-4335", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-05-07T03:15:19.370", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/woocommerce-multiple-addresses/trunk/class-woocommerce-multiple-addresses.php#L522"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/95e74e70-9dc9-4e63-b371-fd2a38692907?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T01:35:26.650933+00:00", "value": {"mitigation_remediation": ["Apply the latest patch by updating the WooCommerce Multiple Addresses plugin to a version newer than 1.0.7.1, which removes the privilege escalation bug.", "If no updated version is available, disable or uninstall the plugin to eliminate its ability to tamper with user meta.", "Until a patch is applied, restrict the ability of the Subscriber role to edit user meta by modifying role capabilities or applying a temporary code tweak that enforces proper capability checks on the save_multiple_shipping_addresses() function."], "summary": {"action": "Apply Patch", "impact": "Privilege Escalation to Administrator"}, "threat_synthesis": {"affected_systems": "The affected product is the WooCommerce Multiple Addresses plugin (author: n3wnormal) on WordPress sites. All released versions up to and including 1.0.7.1 are vulnerable. WordPress installations that have accepted the default or unmodified role capabilities for the plugin\u2019s API are at risk.", "description_and_impact": "The WooCommerce Multiple Addresses plugin for WordPress contains a privilege escalation flaw that allows authenticated users with Subscriber-level access to modify protected user meta fields via the save_multiple_shipping_addresses() function. Because the function performs no capability checks, an attacker can alter role\u2011controlling fields and promote themselves to Administrator. This flaw is a CWE\u2011269 vulnerability, resulting in full administrative control over the site, including content, configuration, and user data.", "risk_and_exploitability": "The high CVSS score of 8.8 reflects the critical impact of gaining administrator privileges. The EPSS score of less than 1% indicates a low likelihood of exploitation in the wild as of the last measurement, though the flaw remains a significant risk in targeted or insider scenarios. The vulnerability requires an authenticated user with a Subscriber role or higher to trigger, so the attack vector is inferred to be internal or credential\u2011compromise based. The lack of a CISA KEV listing does not diminish the potential damage if the flaw is exploited."}}}}, "created": "2026-04-22T01:45:05.620485+00:00", "updated": "2026-04-22T01:45:05.620499+00:00", "vendors": []}