AI description
CVE-2025-3776 is a vulnerability in the Verification SMS with TargetSMS plugin for WordPress, affecting versions up to and including 1.5. It allows limited Remote Code Execution (RCE) because the 'targetvr_ajax_handler' function does not validate which function it is asked to call. The handler passes user-controlled input to `call_user_func()` without checking it against a whitelist of allowed functions. As a result, unauthenticated attackers can call arbitrary PHP functions that exist in memory, such as phpinfo(), or other malicious functions if an attacker can load them.
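The `call_user_func()` pattern described above, next to an allowlisted dispatcher, as an added example that is not the plugin's code. The request field `callback`, the `sms_*` functions and all sample values are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Pattern the advisory describes: the request itself names the function to run.
// Kept as the "before" case only; it is never invoked in this file.
function dispatch_unvalidated(array $request)
{
    return call_user_func($request['callback']);
}

// Hypothetical operations a client is allowed to trigger.
function sms_send_code(array $args): string
{
    return 'code sent to ' . ($args['phone'] ?? 'unknown');
}

function sms_check_code(array $args): string
{
    // '123456' is a constructed stand-in for a stored verification code.
    return ($args['code'] ?? '') === '123456' ? 'verified' : 'rejected';
}

// Hardened form: request values are keys into a fixed map, never function names.
const ALLOWED_OPERATIONS = [
    'send'  => 'sms_send_code',
    'check' => 'sms_check_code',
];

function dispatch_allowlisted(array $request): string
{
    $op = $request['callback'] ?? null;
    // Reject non-strings (PHP treats [class, method] arrays as callables)
    // and any key that is not in the fixed map.
    if (!is_string($op) || !array_key_exists($op, ALLOWED_OPERATIONS)) {
        return 'error: unknown operation';
    }
    return call_user_func(ALLOWED_OPERATIONS[$op], (array) ($request['args'] ?? []));
}

// Constructed requests: one valid operation, one built-in function name,
// and one array-style callable.
$samples = [
    ['callback' => 'send', 'args' => ['phone' => '+31600000000']],
    ['callback' => 'phpinfo'],
    ['callback' => ['SomeClass', 'someMethod']],
];
foreach ($samples as $s) {
    echo json_encode($s['callback']), ' => ', dispatch_allowlisted($s), PHP_EOL;
}
```

The allowlisted dispatcher only ever calls functions named in its own source, so a request value such as `phpinfo` is treated as an unknown key rather than as a callable.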
- Description
- The Verification SMS with TargetSMS plugin for WordPress is vulnerable to limited Remote Code Execution in all versions up to, and including, 1.5 via the 'targetvr_ajax_handler' function. This is due to a lack of validation on the type of function that can be called. This makes it possible for unauthenticated attackers to execute any callable function on the site, such as phpinfo().
- Source
- security@wordfence.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Primary
- Base score
- 8.3
- Impact score
- 3.7
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
- Severity
- HIGH
- security@wordfence.com
- CWE-94
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
53
Top 5 Trending CVEs: 1 - CVE-2025-3776 2 - CVE-2025-31125 3 - CVE-2025-31161 4 - CVE-2018-17144 5 - CVE-2025-26529 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
5 May 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Just dropped a custom Nuclei template for CVE-2025-3776 (WordPress TargetSMS Plugin ≤ 1.5) ➤ Unauthenticated function call via admin-ajax.php ➤ Allows execution of any callable PHP function (e.g. phpinfo) ➤ Nuclei severity: high (8.3) #bugbounty #nuclei #WordPress #RCE h
@0xnorbit44133
4 May 2025
13 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2025-3776 2 - CVE-2024-26809 3 - CVE-2025-46337 4 - CVE-2025-26529 5 - CVE-2025-32433 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
4 May 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨CVE-2025-3776: Full WordPress Takeover Without Login (Critical RCE Exploit) Credit: https://t.co/5UsgzLo4J0 https://t.co/9gEAqtDp4Y
@DarkWebInformer
3 May 2025
48908 Impressions
181 Retweets
923 Likes
711 Bookmarks
6 Replies
3 Quotes
🚨 CVE-2025-3776 🔴 HIGH (8.3) 🏢 cajka - Verification SMS with TargetSMS 🏗️ * 🔗 https://t.co/AHLnKVklzI 🔗 https://t.co/rpOZSwigeP 🔗 https://t.co/8u4cCLYi8Q #CyberCron #VulnAlert #InfoSec https://t.co/4vbJDIBxLf
@cybercronai
24 Apr 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New post from https://t.co/uXvPWJy6tj (CVE-2025-3776 | Verification SMS with TargetSMS Plugin up to 1.5 on WordPress targetvr_ajax_handler code injection) has been published on https://t.co/rOgWhPU6vq
@WolfgangSesin
24 Apr 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-3776 - WordPress - HIGH 🚨 🗓️ Date published 2025-04-24 09:15:31 UTC #WordPress #CyberSecurity #InfoSec #Vulnerability #TechNews https://t.co/QEbxcZ70LH
@vulns_space
24 Apr 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-3776: HIGH] Vulnerability alert: TargetSMS plugin for WordPress up to version 1.5 at risk of Remote Code Execution via 'targetvr_ajax_handler' function, allowing unauthenticated attackers to execute ...#cve,CVE-2025-3776,#cybersecurity https://t.co/TOOK8Sn9z0 https://t.
@CveFindCom
24 Apr 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-3776 The Verification SMS with TargetSMS plugin for WordPress is vulnerable to limited Remote Code Execution in all versions up to, and including, 1.5 via the 'targetvr_ajax… https://t.co/FMoCLe2HDg
@CVEnew
24 Apr 2025
223 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes