Critical severity9.8NVD Advisory· Published May 9, 2025· Updated Jun 17, 2026
CVE-2025-3810
CVE-2025-3810
Description
The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.2. This is due to the plugin not properly validating a user's identity prior to updating their details like password and email through the edit_profile_data() function. This makes it possible for unauthenticated attackers to change arbitrary user's email addresses and passwords, including administrators, and leverage that to gain access to their account.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3<=1.0.2+ 1 more
- (no CPE)range: <=1.0.2
- (no CPE)
- Range: 0
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.