Description
The Vehica Core plugin for WordPress, used by the Vehica - Car Dealer & Listing WordPress Theme, is vulnerable to privilege escalation in all versions up to, and including, 1.0.97. This is due to the plugin not properly validating user meta fields prior to updating them in the database. This makes it possible for authenticated attackers, with Subscriber-level access and above, to escalate their privileges to Administrator.
Published: 2025-04-04
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation to Administrator
Action: Immediate Patch
AI Analysis

Impact

The vulnerability in the Vehica Core plugin allows an authenticated user with Subscriber-level access to alter user meta fields that are not properly validated before database updates. This flaw enables such a user to elevate their privileges to Administrator, gaining full control over the WordPress site. The weakness is classified as CWE-269 (Improper Privilege Management).

Affected Systems

TangibleWP’s Vehica Core plugin, versions up to and including 1.0.97, is affected. The plugin is used in conjunction with the Vehica – Car Dealer & Listing WordPress Theme, and any site deploying these components under the identified versions is at risk.

Risk and Exploitability

The CVSS score of 8.8 indicates a high severity vulnerability, but the EPSS score of less than 1% suggests a low likelihood of exploitation under current conditions. The vulnerability is not listed in the CISA KEV catalog. Attacks would require an authenticated user already possessing Subscriber privileges or higher, after which the improper validation of user meta fields would be exploited to gain Administrator rights.

Generated by OpenCVE AI on April 22, 2026 at 17:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Vehica Core to version 1.0.98 or later to eliminate the privilege escalation flaw.
  • If an immediate update is not possible, remove or restrict the ability of Subscriber-level users to edit user meta fields, for example by applying a role-management plugin that limits this capability.
  • Conduct a review of existing user accounts and metadata to ensure no unintended privilege changes have been made, and enforce least-privilege practices for role assignments.

Generated by OpenCVE AI on April 22, 2026 at 17:38 UTC.
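One way to apply the interim restriction above at the WordPress core level, as an added hardening example that is not Vehica, Wordfence or OpenCVE code: a must-use plugin that hooks the core user-meta write filters and refuses to let a logged-in user without the promote_users capability change the meta keys WordPress derives roles from. The file path, function names and the logged-out allowance (kept so that registration, cron and WP-CLI can still assign roles) are assumptions for this example.

```php
<?php
/**
 * Plugin Name: Block role-meta writes by non-administrators
 * Assumed install path: wp-content/mu-plugins/block-role-meta.php
 *
 * Added hardening example (not part of any plugin mentioned on this page).
 * update_user_meta()/add_user_meta() both pass through these filters, so a
 * plugin that forwards unvalidated form fields into user meta is also
 * covered. Returning a non-null value short-circuits the write.
 */

function brm_protected_user_meta_keys() {
    global $wpdb;
    // WordPress stores roles and the legacy level under prefixed keys
    // (e.g. wp_capabilities, wp_user_level); the prefix is site-specific.
    return array(
        $wpdb->prefix . 'capabilities',
        $wpdb->prefix . 'user_level',
    );
}

function brm_block_role_meta( $check, $object_id, $meta_key, $meta_value ) {
    if ( ! in_array( $meta_key, brm_protected_user_meta_keys(), true ) ) {
        return $check; // null: unrelated key, let core proceed
    }

    // No logged-in user: new-user registration, cron and WP-CLI set roles
    // here. The flaw on this page needs an authenticated caller, so these
    // paths are left alone (assumption: no other unauthenticated writers).
    if ( 0 === get_current_user_id() ) {
        return $check;
    }

    // Administrators changing roles through core (WP_User::set_role) hold
    // promote_users; anyone else is refused and the attempt is logged.
    if ( current_user_can( 'promote_users' ) ) {
        return $check;
    }

    error_log( sprintf(
        'blocked role-meta write: user %d tried to set %s on user %d',
        get_current_user_id(), $meta_key, (int) $object_id
    ) );
    return false; // write is skipped; caller sees a failed update
}

add_filter( 'update_user_metadata', 'brm_block_role_meta', 10, 4 );
add_filter( 'add_user_metadata',    'brm_block_role_meta', 10, 4 );
```

The error_log lines give a detection signal for the review recommended above: any blocked write naming a Subscriber as the acting user warrants a look at that account.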


Advisories
Source ID Title
EUVD EUVD-2025-9680 The Vehica Core plugin for WordPress, used by the Vehica - Car Dealer & Listing WordPress Theme, is vulnerable to privilege escalation in all versions up to, and including, 1.0.97. This is due to the plugin not properly validating user meta fields prior to updating them in the database. This makes it possible for authenticated attackers, with Subscriber-level access and above, to escalate their privileges to Administrator.
History

Fri, 04 Apr 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 04 Apr 2025 07:45:00 +0000

Type Values Removed Values Added
Description The Vehica Core plugin for WordPress, used by the Vehica - Car Dealer & Listing WordPress Theme, is vulnerable to privilege escalation in all versions up to, and including, 1.0.97. This is due to the plugin not properly validating user meta fields prior to updating them in the database. This makes it possible for authenticated attackers, with Subscriber-level access and above, to escalate their privileges to Administrator.
Title Vehica Core <= 1.0.97 - Authenticated (Subscriber+) Privilege Escalation
Weaknesses CWE-269
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}



MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T16:34:52.481Z

Reserved: 2025-04-01T22:33:18.158Z

Link: CVE-2025-3105

Vulnrichment

Updated: 2025-04-04T13:15:51.433Z

NVD

Status : Deferred

Published: 2025-04-04T08:15:14.190

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-3105

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T17:45:22Z

Weaknesses