- Description
- The Woocommerce Multiple Addresses plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.7.1. This is due to insufficient restrictions on user meta that can be updated through the save_multiple_shipping_addresses() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator.
- Source
- security@wordfence.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- security@wordfence.com
- CWE-269
- Hype score
- Not currently trending
CVE-2025-4335 (CVSS:8.8, HIGH) is Awaiting Analysis. The Woocommerce Multiple Addresses plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and..https://t.co/xbppwBTRxP #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
12 May 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
๐จ CVE-2025-4335 ๐ด HIGH (8.8) ๐ข n3wnormal - Woocommerce Multiple Addresses ๐๏ธ * ๐ https://t.co/UrUEXEMulT ๐ https://t.co/Pb9Rqbi0Lp #CyberCron #VulnAlert #InfoSec https://t.co/BmaQgcQ7BO
@cybercronai
7 May 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-4335 WordPress Woocommerce Multiple Addresses Plugin Privilege Escalation via User Meta Manipulation https://t.co/qEraU8oly1
@VulmonFeeds
7 May 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes