CVE-2025-3851 – WordPress SmartPay Insecure Direct Object Reference Vulnerability

May 6, 2025

CVE ID : CVE-2025-3851

Published : May 7, 2025, 3:15 a.m. | 20 minutes ago

Description : The Download Manager and Payment Form WordPress Plugin – WP SmartPay plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions 1.1.0 to 2.7.13 via the show() function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view other user’s data like email address, name, and notes.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3852 – WordPress WPshop E-Commerce Privilege Escalation Vulnerability

Next Article CVE-2025-3844 – PeproDev Ultimate Profile Solutions WordPress Authentication Bypass

Agent Mode for Gemini added to Android Studio

Google’s Agent2Agent protocol finds new home at the Linux Foundation

Decoding The SVG path Element: Curve And Arc Commands

This week in AI dev tools: Gemini 2.5 Pro and Flash GA, GitHub Copilot Spaces, and more (June 20, 2025)

Microsoft is reportedly planning yet more major cuts at Xbox — as early as next week

Microsoft makes Windows 10 security updates FREE for an extra year — but there’s a catch, and you might not like it

“Deus Ex” just turned 25 years old and it’s still the best PC game of all time — you only need $2 to play it on practically anything

Where to buy a Meta Quest 3S Xbox Edition — and why it’s a better bargain than the “normal” Meta Quest 3S

Vite 7.0 Is Out

Vite 7.0 Is Out

Exploring JavaScript ES2025 Edition

Mastering Mixed DML Operations in Apex

Microsoft is reportedly planning yet more major cuts at Xbox — as early as next week

Microsoft is reportedly planning yet more major cuts at Xbox — as early as next week

Microsoft makes Windows 10 security updates FREE for an extra year — but there’s a catch, and you might not like it

“Deus Ex” just turned 25 years old and it’s still the best PC game of all time — you only need $2 to play it on practically anything

CVE-2025-3851 – WordPress SmartPay Insecure Direct Object Reference Vulnerability

Rogue WordPress Plugin Unmasked: Stealthy Malware Skims Credit Cards & Steals Credentials

Urgent Advantech Alert: Critical Flaws (CVSS 9.6) Expose Industrial Automation to Remote Takeover, PoC Releases

CVE-2025-3974 – PHPGurukul COVID19 Testing Management System SQL Injection Vulnerability

CVE-2025-46577 – GoldenDB Database SQL Injection Vulnerability

CVE-2025-3849 – YXJ2018 SpringBoot-Vue-OnlineExam Remote Unverified Password Change Vulnerability

InstallAware releases flexible installer source code under BSL

Qilin offers “Call a lawyer” button for affiliates attempting to extort ransoms from victims who won’t pay

TagStudio is an impressive tag-based photo and file organization program

This charmingly witchy 4-player life sim is one of 2025’s most anticipated indie games (and it’s coming to Xbox Game Pass)

CVE-2025-27558 – Wi-Fi Protected Access (WPA, WPA2, WPA3) and Wired Equivalent Privacy (WEP) Mesh Network FragAttacks

CVE-2025-3851 – WordPress SmartPay Insecure Direct Object Reference Vulnerability

Related Posts