CVE-2025-3876 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Privilege Escalation due to insufficient user OTP validation in the handle…
High CVSS: 8.8

CVE-2025-3876

The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Privilege Escalation due to insufficient user OTP validation in the handleWpLoginCreateUserAction() function in all versions up to, and including, 3.8.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to impersonate any account by supplying its username or email and elevate their privileges to that of an administrator.
Vendor
Cozyvision
Product
Sms Alert Order Notifications
CWE
CWE-862
Yayın Tarihi
2025-05-10 12:15:35
Güncelleme
2025-05-21 13:35:09
Source Identifier
security@wordfence.com
KEV Date Added
-

Kategoriler

CWE-862 Sms Alert Order Notifications HIGH Cozyvision 2025

Referanslar

https://plugins.trac.wordpress.org/browser/sms-alert/tags/3.8.0/handler/forms/class-wplogin.php#L145 https://plugins.trac.wordpress.org/browser/sms-alert/tags/3.8.0/handler/forms/class-wplogin.php#L447 https://plugins.trac.wordpress.org/changeset/3290478/ https://wordpress.org/plugins/sms-alert/#developers https://www.wordfence.com/threat-intel/vulnerabilities/id/1cf65f79-d386-4dd4-a360-b2f764dfaf19?source=cve