cleantalk
Vulnerabilities and Security Researches

Integração entre Eduzz e Woocommerce, CVE-2025-3906

CVE, Research URL

CVE-2025-3906

Home page URL

Security reports for Integração entre Eduzz e Woocommerce

Application

Integração entre Eduzz e Woocommerce

Published on
Apr 26, 2025
Research Description
The Integração entre Eduzz e Woocommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wep_opcoes' function in all versions up to, and including, 1.7.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to edit the default registration role within the plugin's registration flow to Administrator, which allows any user to create an Administrator account.
Affected versions
Min -, max 1.7.5.
Status
vulnerable
Previous vulnerability researches
360 Product Rotation (CVE-2024-13823) , Apr 26, 2025
360 Product Rotation (CVE-2019-15082) , Jun 06, 2024
New vulnerability
WS Form LITE – Drag & Drop Contact Form Builder for WordPress (CVE-2025-3912) , Apr 28, 2025
Upsell Order Bump Offer for WooCommerce – Increase Sales and AOV, Upsell & Cross-sell Offers on Checkout Page (CVE-2025-3743) , Apr 28, 2025
ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes (CVE-2025-3280) , Apr 28, 2025
FuseDesk (CVE-2025-3832) , Apr 27, 2025
Create custom forms for WordPress with a smart form plugin for smart businesses – Form builder for WordPress (CVE-2025-2801) , Apr 27, 2025