CVE-2025-3101 · HIGH 8.8 · EPSS p22.7%

Description

The Configurator Theme Core plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.4.7. This is due to the plugin not properly validating user meta fields prior to updating them in the database. This makes it possible for authenticated attackers, with Subscriber-level access and above, to escalate their privileges to Administrator.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.31% probability of exploitation · percentile 22.7% · 2026-06-19T12:03:05Z
Published: 2025-04-24
Last modified: 2026-04-15

Underlying weaknesses · 1

CWE-269

References

  1. https://themeforest.net/item/configurator-woocommerce-wordpress-theme/20474230
  2. https://www.wordfence.com/threat-intel/vulnerabilities/id/535aa061-479f-415e-bee6-3151c42b917e?source=cve

Type: Weakness
Target: Improper Privilege Management (cwe-269)
Confidence: 0%
Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2025-3418
CVE-2025-7722
CVE-2025-1295
CVE-2025-3607
CVE-2025-3105
CVE-2025-2563

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.