CVE-2025-3105 · HIGH 8.8 · EPSS p23.6%

Description

The Vehica Core plugin for WordPress, used by the Vehica - Car Dealer & Listing WordPress Theme, is vulnerable to privilege escalation in all versions up to, and including, 1.0.97. This is due to the plugin not properly validating user meta fields prior to updating them in the database. This makes it possible for authenticated attackers, with Subscriber-level access and above, to escalate their privileges to Administrator.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.32% probability of exploitation · percentile 23.6% · 2026-06-19T12:03:05Z
Published: 2025-04-04
Last modified: 2026-04-15

Underlying weaknesses · 1

CWE-269

References

  1. https://support.vehica.com/support/solutions/articles/101000393710
  2. https://www.wordfence.com/threat-intel/vulnerabilities/id/0b787d6f-d002-4f09-8336-ebb91321e20b?source=cve

Type · Target · Confidence · Tier
Weakness · Improper Privilege Management (cwe-269) · 0% · live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-3101
  2. CVE-2025-13764
  3. CVE-2025-1682
  4. CVE-2025-15096
  5. CVE-2025-4322
  6. CVE-2025-2238

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.