{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-5701", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-06-04T21:39:51.682Z", "datePublished": "2025-06-05T11:15:05.674Z", "dateUpdated": "2026-04-08T16:34:07.107Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:34:07.107Z"}, "affected": [{"vendor": "siteheart", "product": "HyperComments", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.2.2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The HyperComments plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the hc_request_handler function in all versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site."}], "title": "HyperComments <= 1.2.2 - Unauthenticated (Subscriber+) Arbitrary Options Update", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/07fd6bee-5b00-4fc1-9f7a-3857fd35c763?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/hypercomments/trunk/hypercomments.php"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Matteo Leonelli"}, {"lang": "en", "type": "finder", "value": "David Dewes"}], "timeline": [{"time": "2025-06-04T22:12:40.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-05T14:28:43.168001Z", "id": "CVE-2025-5701", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-05T14:29:15.185Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-5701", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-06-05T14:28:43.168001Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-05T14:28:54.156Z"}}], "cna": {"title": "HyperComments <= 1.2.2 - Unauthenticated (Subscriber+) Arbitrary Options Update", "credits": [{"lang": "en", "type": "finder", "value": "Matteo Leonelli"}, {"lang": "en", "type": "finder", "value": "David Dewes"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "siteheart", "product": "HyperComments", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.2.2"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-06-04T22:12:40.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/07fd6bee-5b00-4fc1-9f7a-3857fd35c763?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/hypercomments/trunk/hypercomments.php"}], "descriptions": [{"lang": "en", "value": "The HyperComments plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the hc_request_handler function in all versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:34:07.107Z"}}}, "cveMetadata": {"cveId": "CVE-2025-5701", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:34:07.107Z", "dateReserved": "2025-06-04T21:39:51.682Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-06-05T11:15:05.674Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The HyperComments plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the hc_request_handler function in all versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site."}, {"lang": "es", "value": "El complemento HyperComments para WordPress es vulnerable a la modificaci\u00f3n no autorizada de datos, lo que puede provocar una escalada de privilegios debido a la falta de una comprobaci\u00f3n de capacidad en la funci\u00f3n hc_request_handler en todas las versiones hasta la 1.2.2 incluida. Esto permite a atacantes no autenticados actualizar opciones arbitrarias en el sitio de WordPress. Esto puede aprovecharse para actualizar el rol predeterminado de registro a administrador y habilitar el registro de usuarios para que los atacantes obtengan acceso administrativo a un sitio vulnerable."}], "id": "CVE-2025-5701", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Primary"}]}, "published": "2025-06-05T12:15:24.233", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/hypercomments/trunk/hypercomments.php"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/07fd6bee-5b00-4fc1-9f7a-3857fd35c763?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T14:52:44.918906+00:00", "value": {"mitigation_remediation": ["Update HyperComments to the latest version (\u22651.2.3) as soon as possible.", "Revoke or restrict the default role for new registrations and disable user registration if not required for the site\u2019s operation.", "Review existing user accounts and remove any newly created administrator accounts, and enable logging of option changes to detect future unauthorized activity."], "summary": {"action": "Immediate Patch", "impact": "Privilege Escalation via arbitrary option updates"}, "threat_synthesis": {"affected_systems": "All WordPress sites that have the HyperComments plugin version 1.2.2 or earlier installed are impacted. The vulnerability exists in the siteheart:HyperComments plugin as distributed to users through the WordPress plugin repository.", "description_and_impact": "The HyperComments plugin for WordPress contains a missing capability check on the hc_request_handler function, allowing unauthenticated users to modify any WordPress option. An attacker can use this to change the default role for new registrations to administrator, enable user registration, and thereby create an administrative account with full access to the site. This flaw leads directly to privileged control over the affected WordPress installation.", "risk_and_exploitability": "The CVSS score of 8.8 indicates a high severity weakness, and the EPSS score of 13% suggests a moderate likelihood of exploitation. The vulnerability was not listed in CISA KEV. Based on the description, it is inferred that the attacker can exploit the flaw remotely by sending crafted HTTP requests to the plugin\u2019s request handler, without any authentication. Once successful, the attacker can perform privilege escalation and take full administrative control of the site."}}}}, "created": "2025-06-16T13:33:40.627347+00:00", "updated": "2026-04-22T15:00:05.612202+00:00", "vendors": ["siteheart", "siteheart$PRODUCT$hypercomments_plugin", "wordpress", "wordpress$PRODUCT$wordpress"]}