CVE-2025-4335 – “WordPress Woocommerce Multiple Addresses Privilege Escalation Vulnerability”

May 6, 2025

CVE ID : CVE-2025-4335

Published : May 7, 2025, 3:15 a.m. | 20 minutes ago

Description : The Woocommerce Multiple Addresses plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.7.1. This is due to insufficient restrictions on user meta that can be updated through the save_multiple_shipping_addresses() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleHackers Exploit Critical Craft CMS Flaws; Hundreds of Servers Likely Compromised

Next Article CVE-2025-4220 – Xavin’s List Subpages WordPress Stored Cross-Site Scripting Vulnerability

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

This $4 Steam Deck game includes the most-played classics from my childhood — and it will save you paper

Microsoft shares rare look at radical Windows 11 Start menu designs it explored before settling on the least interesting one of the bunch

NVIDIA’s new GPU driver adds DOOM: The Dark Ages support and improves DLSS in Microsoft Flight Simulator 2024

How to install and use Ollama to run AI LLMs on your Windows 11 PC

Community News: Latest PECL Releases (05.13.2025)

Community News: Latest PECL Releases (05.13.2025)

How We Use Epic Branches. Without Breaking Our Flow.

I think the ergonomics of generators is growing on me.

This $4 Steam Deck game includes the most-played classics from my childhood — and it will save you paper

This $4 Steam Deck game includes the most-played classics from my childhood — and it will save you paper

Microsoft shares rare look at radical Windows 11 Start menu designs it explored before settling on the least interesting one of the bunch

NVIDIA’s new GPU driver adds DOOM: The Dark Ages support and improves DLSS in Microsoft Flight Simulator 2024

CVE-2025-4335 – “WordPress Woocommerce Multiple Addresses Privilege Escalation Vulnerability”

Nmap 7.96 Launches with Lightning-Fast DNS and 612 Scripts

CVE-2024-13940 – Ninja Forms Webhooks SSRF Vulnerability

20+ Free Analog Film Lightroom Presets for Photographers

Monster Hunter Wilds has received updated PC Spec requirements and a new PC Benchmark program to help players test them out

GenAI has just made usability testing the most valuable research method

Meet Mesop: A Python-based UI Framework that Allows You to Build Web Apps like Demos and Internal AI/ Machine Learning Apps

Google researchers successfully found a zero-day vulnerability using LLM assisted vulnerability detection

ZealousWeb LLC

Iranian Cyber Group TA453 Targets Jewish Leader with New AnvilEcho Malware

Collective #845

CVE-2025-4335 – “WordPress Woocommerce Multiple Addresses Privilege Escalation Vulnerability”

Related Posts