CVE-2025-3851 – WordPress SmartPay Insecure Direct Object Reference Vulnerability

May 6, 2025

CVE ID : CVE-2025-3851

Published : May 7, 2025, 3:15 a.m. | 20 minutes ago

Description : The Download Manager and Payment Form WordPress Plugin – WP SmartPay plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions 1.1.0 to 2.7.13 via the show() function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view other user’s data like email address, name, and notes.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3852 – WordPress WPshop E-Commerce Privilege Escalation Vulnerability

Next Article CVE-2025-3844 – PeproDev Ultimate Profile Solutions WordPress Authentication Bypass

The Power Of The Intl API: A Definitive Guide To Browser-Native Internationalization

This week in AI dev tools: GPT-5, Claude Opus 4.1, and more (August 8, 2025)

Elastic simplifies log analytics for SREs and developers with launch of Log Essentials

OpenAI launches GPT-5

3 portable power stations I travel everywhere with (and how they differ)

I tried Lenovo’s new rollable ThinkBook and can’t go back to regular-sized screens

The Creators of the Acclaimed Silent Hill 2 Remake Present a Deep Dive Into the Story of Their Newest Horror Game IP — and It’s So Bizarre and Insane That It’s Convinced Me To Put It on My Wishlist

Forget Back to School Deals — Lenovo’s Clearance Sale is Where You’ll Find Amazing Discounts on Laptops, Mini PCs, and More, While Supplies Last

spatie/laravel-flare

spatie/laravel-flare

Establishing Consistent Data Foundations with Laravel’s Database Population System

Generate Postman Collections from Laravel Routes

The Creators of the Acclaimed Silent Hill 2 Remake Present a Deep Dive Into the Story of Their Newest Horror Game IP — and It’s So Bizarre and Insane That It’s Convinced Me To Put It on My Wishlist

The Creators of the Acclaimed Silent Hill 2 Remake Present a Deep Dive Into the Story of Their Newest Horror Game IP — and It’s So Bizarre and Insane That It’s Convinced Me To Put It on My Wishlist

Forget Back to School Deals — Lenovo’s Clearance Sale is Where You’ll Find Amazing Discounts on Laptops, Mini PCs, and More, While Supplies Last

The Gaming Desktop I’ve Relied on More Than Any Other Is More Powerful and Sleeker Than Ever — But Damn, It’s Expensive

CVE-2025-3851 – WordPress SmartPay Insecure Direct Object Reference Vulnerability

Android adware: What is it, and how do I get it off my device?

Black Hat USA 2025: Is a high cyber insurance premium about your risk, or your insurer’s?

CVE-2025-6739 – WordPress WPQuiz SQL Injection Vulnerability

CVE-2025-28386 – OpenC3 COSMOS Plugin Management RCE

CVE-2025-47866 – Trend Micro Apex Central Unrestricted File Upload Vulnerability

Kettering Health Hit by Cyberattack: Network Outage and Scam Calls Reported

This AI Paper Introduces an LLM+FOON Framework: A Graph-Validated Approach for Robotic Cooking Task Planning from Video Instructions

Chimera is a general-purpose Linux-based OS

13 Best Free and Open Source Terminal-Based Podcast Tools

CVE-2025-3457 – WordPress Ocean Extra Stored Cross-Site Scripting Vulnerability

CVE-2025-3851 – WordPress SmartPay Insecure Direct Object Reference Vulnerability

Related Posts