- Description
- The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Privilege Escalation due to insufficient user OTP validation in the handleWpLoginCreateUserAction() function in all versions up to, and including, 3.8.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to impersonate any account by supplying its username or email and elevate their privileges to that of an administrator.
- Source
- security@wordfence.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- security@wordfence.com
- CWE-862
- Hype score
- Not currently trending
CVE-2025-3876 (CVSS:8.8, HIGH) is Awaiting Analysis. The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Privilege Escalation due to insuff..https://t.co/qnIymcwF3Z #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
15 May 2025
🚨 CVE-2025-3876 🔴 HIGH (8.8) 🏢 cozyvision1 - SMS Alert Order Notifications – WooCommerce 🏗️ * 🔗 https://t.co/NkN981GYd5 🔗 https://t.co/vzLApKvfZJ 🔗 https://t.co/PwzHNkiumL 🔗 https://t.co/VO99wjWwnT 🔗 https://t.co/Hh5U4M0ap4 #CyberCron #VulnAlert #In
@cybercronai
10 May 2025
CVE-2025-3876 The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Privilege Escalation due to insufficient user OTP validation in the handleWpLoginC… https://t.co/lqxI2jHiqZ
@CVEnew
10 May 2025
[CVE-2025-3876: HIGH] WordPress plugin vulnerable to Privilege Escalation! SMS Alert Order Notifications - WooCommerce plugin versions up to 3.8.1 allow attackers to impersonate and elevate privileges. #cybers...#cve,CVE-2025-3876,#cybersecurity https://t.co/qIclK5k3iF https://t.
@CveFindCom
10 May 2025
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cozyvision:sms_alert_order_notifications:*:*:*:*:free:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FC050880-F7A8-436C-AD72-5E4201199421",
            "versionEndExcluding": "3.8.2"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]