- Description
- The Configurator Theme Core plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.4.7. This is due to the plugin not properly validating user meta fields prior to updating them in the database. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change escalate their privileges to Administrator.
- Source
- security@wordfence.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- security@wordfence.com
- CWE-269
- Hype score
- Not currently trending
🚨 CVE-2025-3101 🔴 HIGH (8.8) 🏢 wp-configurator - Configurator Theme Core 🏗️ * 🔗 https://t.co/I9TV6I1mgB 🔗 https://t.co/skkL5laIcr #CyberCron #VulnAlert #InfoSec https://t.co/MsjyHFayZ8
@cybercronai
24 Apr 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
�� CVE-2025-3101 - WordPress - HIGH 🚨 🗓️ Date published 2025-04-24 09:15:30 UTC #WordPress #CyberSecurity #InfoSec #Vulnerability #TechNews https://t.co/wFV4GyXlvB
@vulns_space
24 Apr 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-3101: HIGH] WordPress Configurator Theme Core plugin v1.4.7 and below is vulnerable to privilege escalation. Attackers can exploit this flaw to escalate their access to administrator level.#cve,CVE-2025-3101,#cybersecurity https://t.co/ij3w6oCyFf https://t.co/I76Mbn7ywQ
@CveFindCom
24 Apr 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-3101 The Configurator Theme Core plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.4.7. This is due to the plugin not proper… https://t.co/fBrMbFldJD
@CVEnew
24 Apr 2025
97 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes