{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-69347", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2025-12-31T20:12:28.143Z", "datePublished": "2026-03-25T16:14:21.905Z", "dateUpdated": "2026-04-28T16:14:38.637Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "subscription", "product": "WPSubscription", "vendor": "Convers Lab", "versions": [{"changes": [{"at": "1.8.11", "status": "unaffected"}], "lessThanOrEqual": "1.8.10", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Jitlada | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-22T14:18:35.256Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Authorization Bypass Through User-Controlled Key vulnerability in Convers Lab WPSubscription subscription allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects WPSubscription: from n/a through <= 1.8.10.</p>"}], "value": "Authorization Bypass Through User-Controlled Key vulnerability in Convers Lab WPSubscription subscription allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPSubscription: from n/a through <= 1.8.10."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-639", "description": "Authorization Bypass Through User-Controlled Key", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:14:38.637Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/subscription/vulnerability/wordpress-wpsubscription-plugin-1-8-10-insecure-direct-object-references-idor-vulnerability?_s_id=cve"}], "title": "WordPress WPSubscription plugin <= 1.8.10 - Insecure Direct Object References (IDOR) vulnerability"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-27T19:52:07.950902Z", "id": "CVE-2025-69347", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-27T19:52:12.575Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-69347", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-27T19:52:07.950902Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T15:43:43.397Z"}}], "cna": {"title": "WordPress WPSubscription plugin <= 1.8.10 - Insecure Direct Object References (IDOR) vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "Jitlada | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Convers Lab", "product": "WPSubscription", "versions": [{"status": "affected", "changes": [{"at": "1.8.11", "status": "unaffected"}], "version": "0", "versionType": "custom", "lessThanOrEqual": "1.8.10"}], "packageName": "subscription", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "datePublic": "2026-04-22T14:18:35.256Z", "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/subscription/vulnerability/wordpress-wpsubscription-plugin-1-8-10-insecure-direct-object-references-idor-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "descriptions": [{"lang": "en", "value": "Authorization Bypass Through User-Controlled Key vulnerability in Convers Lab WPSubscription subscription allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPSubscription: from n/a through <= 1.8.10.", "supportingMedia": [{"type": "text/html", "value": "Authorization Bypass Through User-Controlled Key vulnerability in Convers Lab WPSubscription subscription allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects WPSubscription: from n/a through <= 1.8.10.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-639", "description": "Authorization Bypass Through User-Controlled Key"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-23T14:14:01.135Z"}}}, "cveMetadata": {"cveId": "CVE-2025-69347", "state": "PUBLISHED", "dateUpdated": "2026-04-27T19:52:12.575Z", "dateReserved": "2025-12-31T20:12:28.143Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2026-03-25T16:14:21.905Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Authorization Bypass Through User-Controlled Key vulnerability in Convers Lab WPSubscription subscription allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPSubscription: from n/a through <= 1.8.10."}, {"lang": "es", "value": "Elusi\u00f3n de autorizaci\u00f3n a trav\u00e9s de vulnerabilidad de clave controlada por el usuario en la suscripci\u00f3n de Convers Lab WPSubscription permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a WPSubscription: desde n/a hasta &lt;= 1.8.10."}], "id": "CVE-2025-69347", "lastModified": "2026-04-27T21:16:24.803", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.7, "source": "audit@patchstack.com", "type": "Secondary"}]}, "published": "2026-03-25T17:16:27.690", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/subscription/vulnerability/wordpress-wpsubscription-plugin-1-8-10-insecure-direct-object-references-idor-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.8.10]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[1.8.11,*]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "WPSubscription", "source": "cna", "vendor": "Convers Lab"}, "product": "wpsubscription", "vendor": "convers_lab"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-04-29T00:39:29.608275+00:00", "value": {"mitigation_remediation": ["Update WPSubscription to a version newer than 1.8.10.", "Restrict access to subscription management to users with the highest necessary privileges and disable or remove any exposed endpoints that allow direct key manipulation.", "Audit the site\u2019s role\u2011based access controls to ensure that no excess permissions are granted for subscription data."], "summary": {"action": "Immediate Patch", "impact": "Authorization Bypass"}, "threat_synthesis": {"affected_systems": "All WordPress sites running the Convers Lab WPSubscription plugin version 1.8.10 or earlier are vulnerable, as the flaw exists in all releases from the earliest available version up to and including 1.8.10.", "description_and_impact": "The WPSubscription plugin contains an insecure direct object reference flaw that permits a user to supply a manipulated key in web requests, bypassing the intended access controls. By crafting such requests, an attacker can view or alter subscription data that belongs to other users, leading to the disclosure or modification of confidential subscription information. This vulnerability is a classic example of authorization bypass through a user-controlled key, identified as CWE-639.", "risk_and_exploitability": "The CVSS score of 8.6 places this issue in the high severity range, while the EPSS score of less than 1% indicates a low overall exploitation likelihood. The plugin is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is via crafted HTTP requests that manipulate the plugin\u2019s key parameter. An attacker who succeeds would gain read or write access to data that should be protected by proper authorization checks."}}}}, "created": "2026-03-25T21:35:32.524243+00:00", "updated": "2026-04-29T00:45:26.162595+00:00", "vendors": ["convers_lab", "convers_lab$PRODUCT$wpsubscription", "wordpress", "wordpress$PRODUCT$wordpress"]}