- Description
- The Vehica Core plugin for WordPress, used by the Vehica - Car Dealer & Listing WordPress Theme, is vulnerable to privilege escalation in all versions up to, and including, 1.0.97. This is due to the plugin not properly validating user meta fields prior to updating them in the database. This makes it possible for authenticated attackers, with Subscriber-level access and above, to escalate their privileges to Administrator.
- Source
- security@wordfence.com
- NVD status
- Received
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- security@wordfence.com
- CWE-269
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
1
🚨 CVE-2025-3105 🔴 HIGH (8.8) 🏢 TangibleWP - Vehica Core 🏗️ * 🔗 https://t.co/iwHtwjL1uz 🔗 https://t.co/x498hD1gva #CyberCron #VulnAlert #InfoSec https://t.co/zoq3A9lua6
@cybercronai
4 Apr 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New post from https://t.co/uXvPWJy6tj (CVE-2025-3105 | Vehica Core Plugin up to 1.0.97 on WordPress privileges management) has been published on https://t.co/uhYLmJ8krQ
@WolfgangSesin
4 Apr 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-3105 The Vehica Core plugin for WordPress, used by the Vehica - Car Dealer & Listing WordPress Theme, is vulnerable to privilege escalation in all versions up to, and includ… https://t.co/aXrR9vsScu
@CVEnew
4 Apr 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-3105: HIGH] Critical WordPress vulnerability alert! Vehica Core plugin exposes sites to privilege escalation up to version 1.0.97, allowing attackers to gain Admin access. Update immediately for cyber se...#cybersecurity,#vulnerability https://t.co/WHLxiYwvUA https://t.
@CveFindCom
4 Apr 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes