CVE-2025-3906 – Eduzz WooCommerce Unauthorized Data Modification Vulnerability

April 26, 2025

CVE ID : CVE-2025-3906

Published : April 26, 2025, 6:15 a.m. | 1 hour, 15 minutes ago

Description : The Integração entre Eduzz e Woocommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘wep_opcoes’ function in all versions up to, and including, 1.7.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to edit the default registration role within the plugin’s registration flow to Administrator, which allows any user to create an Administrator account.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3491 – WordPress Add Custom Page Template PHP Code Injection

Next Article CVE-2025-2907 – WordPress Order Delivery Date Plugin Authentication Bypass and CSRF Vulnerability

Highlights

CVE-2025-28032 – TOTOLINK Router Pre-Auth Buffer Overflow Vulnerability

April 22, 2025

CVE ID : CVE-2025-28032

Published : April 22, 2025, 2:15 p.m. | 22 minutes ago

Description : TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 contain a pre-auth buffer overflow vulnerability in the setNoticeCfg function through the IpForm parameter.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

Windows Recall finally launches, Oblivion Remastered surprise drops, and Drug Dealer Simulator devs speak out

This tiny Bluetooth speaker delivers loud, distortion-free sound – and it’s on sale

Are you playing The Elder Scrolls 4: Oblivion Remastered, and if so, what do you think? — Weekend discussion 💬

I’ve been trying to figure out why these AR glasses cost $700, but I’m frankly stumped

Perficient Included in IDC Market Glance: Healthcare Provider Operational IT Solutions, 1Q25

Perficient Included in IDC Market Glance: Healthcare Provider Operational IT Solutions, 1Q25

Natural Language Q&A in Optimizely CMS Using Azure OpenAI and AI Search

Closing Deals Faster: The Future of Sales with AI & Personalization

Windows Recall finally launches, Oblivion Remastered surprise drops, and Drug Dealer Simulator devs speak out

Windows Recall finally launches, Oblivion Remastered surprise drops, and Drug Dealer Simulator devs speak out

Windows 11 24H2 colourful battery icons for taskbar are still coming, but no ETA, says Microsoft

Git Interactive Rebase Tool – terminal-based sequence editor for interactive rebase

CVE-2025-3906 – Eduzz WooCommerce Unauthorized Data Modification Vulnerability

Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery

Kimsuky Exploits BlueKeep RDP Vulnerability to Breach Systems in South Korea and Japan

The 25+ best Black Friday Samsung deals 2024: Early sales available now

codewithdennis/filament-select-tree

SeleniumGreed: The Growing Threat of Cryptomining via Exposed Selenium Grid Services

Star Rating Component for Vue 2

CVE-2025-28032 – TOTOLINK Router Pre-Auth Buffer Overflow Vulnerability

This AI Paper by Microsoft and Tsinghua University Introduces YOCO: A Decoder-Decoder Architectures for Language Models

Universal Design for Cognitive Disabilities in Healthcare-The Power of Repetition and Summarization

SteamOS

CVE-2025-3906 – Eduzz WooCommerce Unauthorized Data Modification Vulnerability

Related Posts