CVE-2025-3852

07.05.2025, 03:15

The WPshop 2  E-Commerce plugin for WordPress is vulnerable to privilege escalation via account takeover in versions 2.0.0 to 2.6.0. This is due to the plugin not properly validating a user's identity prior to updating their details like email & password through the update() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.8 HIGH	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Wordfence	CNA	8.8 HIGH				CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 25%

Common Weakness Enumeration

CWE-269 - Improper Privilege Management
The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References

https://plugins.trac.wordpress.org/browser/wpshop/tags/2.6.0//core/external/eo-framework/modules/wpeo-model/class/user.class.php#L132

https://plugins.trac.wordpress.org/browser/wpshop/tags/2.6.0//modules/api/action/class-api-action.php#L32

https://plugins.trac.wordpress.org/browser/wpshop/tags/2.6.0/core/external/eo-framework/modules/wpeo-model/class/rest.class.php#L41

https://www.wordfence.com/threat-intel/vulnerabilities/id/96b8186c-dfe9-4137-b28d-cc09a25aa9ac?source=cve