** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-25171. Reason: This candidate is a reservation duplicate of CVE-2025-25171. Notes: All CVE users should reference CVE-2025-25171 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

References

No reference.

History

Thu, 24 Jul 2025 21:30:00 +0000

Type | Values Removed | Values Added
Weaknesses | CWE-639 |
CPEs | cpe:2.3:a:themesgrove:wp_smartpay:*:*:*:*:*:wordpress:*:* |
Vendors & Products | Themesgrove; Themesgrove wp Smartpay |
References | |
Metrics | cvssV3_1 {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'} |


Thu, 24 Jul 2025 21:15:00 +0000

Type | Values Removed | Values Added
Title | Download Manager and Payment Form WordPress Plugin – WP SmartPay 1.1.0 - 2.7.13 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover |
Metrics | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'} |


Thu, 24 Jul 2025 20:30:00 +0000

Type | Values Removed | Values Added
Description | The Download Manager and Payment Form WordPress Plugin – WP SmartPay plugin for WordPress is vulnerable to privilege escalation via account takeover in versions 1.1.0 to 2.7.13. This is due to the plugin not properly validating a user's identity prior to updating their email through the update() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account. | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-25171. Reason: This candidate is a reservation duplicate of CVE-2025-25171. Notes: All CVE users should reference CVE-2025-25171 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

Wed, 16 Jul 2025 16:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Themesgrove; Themesgrove wp Smartpay
CPEs | | cpe:2.3:a:themesgrove:wp_smartpay:*:*:*:*:*:wordpress:*:*
Vendors & Products | | Themesgrove; Themesgrove wp Smartpay

Wed, 02 Jul 2025 14:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 02 Jul 2025 04:00:00 +0000

Type | Values Removed | Values Added
Description | | The Download Manager and Payment Form WordPress Plugin – WP SmartPay plugin for WordPress is vulnerable to privilege escalation via account takeover in versions 1.1.0 to 2.7.13. This is due to the plugin not properly validating a user's identity prior to updating their email through the update() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account.
Title | | Download Manager and Payment Form WordPress Plugin – WP SmartPay 1.1.0 - 2.7.13 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover
Weaknesses | | CWE-639
References | |
Metrics | | cvssV3_1 {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

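The description recorded in the history above (and in CVE-2025-25171, which this candidate duplicates) is the classic CWE-639 shape: an authenticated handler accepts a client-supplied user ID and updates that account's e-mail without checking that the caller owns the account or may edit it, after which a normal "lost password" flow finishes the takeover. The following is an added illustration of that pattern in generic WordPress plugin code, written for this page; it is not WP SmartPay's code and the plugin's actual update() function is not shown here. The route name `example/v1/email`, the function names `example_update_email_vulnerable` / `example_update_email_hardened` and the parameter names `user_id` and `email` are all assumptions made for the example.

```php
<?php
/**
 * Illustrative example only (not code from WP SmartPay). Route name,
 * function names and parameter names are assumptions for this example.
 *
 * CWE-639 pattern: the vulnerable handler trusts a client-supplied user ID,
 * so any logged-in Subscriber can re-point an administrator's e-mail to an
 * address they control and then complete the normal password-reset flow.
 */

// Vulnerable form of the pattern the advisory describes. Not registered as
// a route below; shown only for contrast with the hardened handler.
function example_update_email_vulnerable( WP_REST_Request $request ) {
    $user_id = (int) $request->get_param( 'user_id' ); // attacker-controlled
    $email   = sanitize_email( $request->get_param( 'email' ) );

    // Only "is someone logged in?" is checked; whose account is being
    // edited is never tied to the caller.
    if ( ! is_user_logged_in() ) {
        return new WP_Error( 'rest_forbidden', 'Login required.', array( 'status' => 401 ) );
    }

    $result = wp_update_user( array( 'ID' => $user_id, 'user_email' => $email ) );
    if ( is_wp_error( $result ) ) {
        return $result;
    }
    return rest_ensure_response( array( 'updated' => $user_id ) );
}

// Hardened form: bind the target account to the caller, and only honour a
// different target when the caller holds edit_user for that specific user.
function example_update_email_hardened( WP_REST_Request $request ) {
    $current = get_current_user_id();
    if ( 0 === $current ) {
        return new WP_Error( 'rest_forbidden', 'Login required.', array( 'status' => 401 ) );
    }

    $requested = (int) $request->get_param( 'user_id' );
    $user_id   = $current; // default: self-service only
    if ( $requested && $requested !== $current ) {
        // current_user_can( 'edit_user', $id ) is the per-user check core
        // itself uses for profile edits; Subscribers do not pass it.
        if ( ! current_user_can( 'edit_user', $requested ) ) {
            return new WP_Error( 'rest_forbidden', 'Cannot edit that user.', array( 'status' => 403 ) );
        }
        $user_id = $requested;
    }

    $email = sanitize_email( $request->get_param( 'email' ) );
    $owner = email_exists( $email ); // user ID that already has this address, or false
    if ( ! is_email( $email ) || ( $owner && (int) $owner !== $user_id ) ) {
        return new WP_Error( 'rest_invalid_param', 'Invalid or in-use e-mail.', array( 'status' => 400 ) );
    }

    $result = wp_update_user( array( 'ID' => $user_id, 'user_email' => $email ) );
    if ( is_wp_error( $result ) ) {
        return $result;
    }
    return rest_ensure_response( array( 'updated' => $user_id ) );
}

add_action( 'rest_api_init', function () {
    register_rest_route( 'example/v1', '/email', array(
        'methods'             => 'POST',
        'callback'            => 'example_update_email_hardened',
        // permission_callback runs before the handler; REST cookie auth
        // still requires a valid X-WP-Nonce for the caller to count as
        // logged in, so this is not a substitute for the per-user check above.
        'permission_callback' => function () {
            return is_user_logged_in();
        },
        'args'                => array(
            'email'   => array( 'required' => true,  'sanitize_callback' => 'sanitize_email' ),
            'user_id' => array( 'required' => false, 'sanitize_callback' => 'absint' ),
        ),
    ) );
} );
```

The check that matters is the one the vulnerable handler lacks: the target user ID must come from the session (`get_current_user_id()`) or be gated by `current_user_can( 'edit_user', $id )` for that exact ID. A login check or nonce alone proves the caller is some authenticated user, which is exactly the "Subscriber+" precondition in the advisory, not that they are the account owner.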

MITRE

Status: REJECTED

Assigner: Wordfence

Published:

Updated: 2025-07-24T20:13:31.277Z

Reserved: 2025-04-21T13:47:42.362Z

Link: CVE-2025-3848

Vulnrichment

Updated:

NVD

Status : Rejected

Published: 2025-07-02T04:15:52.193

Modified: 2025-07-24T21:15:28.740

Link: CVE-2025-3848

Redhat

No data.

OpenCVE Enrichment

No data.