{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-5692", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-06-04T20:04:29.128Z", "datePublished": "2025-07-02T02:03:53.387Z", "dateUpdated": "2025-07-02T13:19:20.933Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-07-02T02:03:53.387Z"}, "affected": [{"vendor": "smackcoders", "product": "Lead Form Data Collection to CRM", "versions": [{"version": "*", "status": "affected", "lessThanOrEqual": "3.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Lead Form Data Collection to CRM plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the doFieldAjaxAction() function in all versions up to, and including, 3.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. Other AJAX actions handling plugin settings are also insufficiently protected and exploitable."}], "title": "Lead Form Data Collection to CRM <= 3.1 - Authenticated (Subscriber+) Arbitrary Options Update", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/26404b5c-a0f2-4223-be61-1f03873666fb?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-leads-builder-any-crm/trunk/includes/Functions.php#L423"}, {"url": "https://wordpress.org/plugins/wp-leads-builder-any-crm/"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3319750%40wp-leads-builder-any-crm&new=3319750%40wp-leads-builder-any-crm&sfp_email=&sfph_mail="}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Youcef Hamdani"}], "timeline": [{"time": "2025-06-20T07:21:42.000+00:00", "lang": "en", "value": "Vendor Notified"}, {"time": "2025-07-01T00:00:00.000+00:00", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-02T13:01:32.622634Z", "id": "CVE-2025-5692", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-02T13:19:20.933Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-5692", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-07-02T13:01:32.622634Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-02T13:05:28.766Z"}}], "cna": {"title": "Lead Form Data Collection to CRM <= 3.1 - Authenticated (Subscriber+) Arbitrary Options Update", "credits": [{"lang": "en", "type": "finder", "value": "Youcef Hamdani"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "smackcoders", "product": "Lead Form Data Collection to CRM", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "3.1"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-06-20T07:21:42.000+00:00", "value": "Vendor Notified"}, {"lang": "en", "time": "2025-07-01T00:00:00.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/26404b5c-a0f2-4223-be61-1f03873666fb?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-leads-builder-any-crm/trunk/includes/Functions.php#L423"}, {"url": "https://wordpress.org/plugins/wp-leads-builder-any-crm/"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3319750%40wp-leads-builder-any-crm&new=3319750%40wp-leads-builder-any-crm&sfp_email=&sfph_mail="}], "descriptions": [{"lang": "en", "value": "The Lead Form Data Collection to CRM plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the doFieldAjaxAction() function in all versions up to, and including, 3.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. Other AJAX actions handling plugin settings are also insufficiently protected and exploitable."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-07-02T02:03:53.387Z"}}}, "cveMetadata": {"cveId": "CVE-2025-5692", "state": "PUBLISHED", "dateUpdated": "2025-07-02T13:19:20.933Z", "dateReserved": "2025-06-04T20:04:29.128Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-07-02T02:03:53.387Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Lead Form Data Collection to CRM plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the doFieldAjaxAction() function in all versions up to, and including, 3.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. Other AJAX actions handling plugin settings are also insufficiently protected and exploitable."}, {"lang": "es", "value": "El complemento Lead Form Data Collection to CRM de WordPress es vulnerable a la modificaci\u00f3n no autorizada de datos, lo que puede provocar una escalada de privilegios debido a la falta de una comprobaci\u00f3n de capacidad en la funci\u00f3n doFieldAjaxAction() en todas las versiones hasta la 3.1 incluida. Esto permite que atacantes autenticados, con acceso de suscriptor o superior, actualicen opciones arbitrarias en el sitio de WordPress. Esto puede aprovecharse para actualizar el rol predeterminado de registro a administrador y habilitar el registro de usuarios para que los atacantes obtengan acceso administrativo a un sitio vulnerable. Otras acciones AJAX que gestionan la configuraci\u00f3n del complemento tambi\u00e9n carecen de protecci\u00f3n suficiente y son vulnerables a ataques."}], "id": "CVE-2025-5692", "lastModified": "2025-07-03T15:14:12.767", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Primary"}]}, "published": "2025-07-02T03:15:23.680", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/wp-leads-builder-any-crm/trunk/includes/Functions.php#L423"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3319750%40wp-leads-builder-any-crm&new=3319750%40wp-leads-builder-any-crm&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "url": "https://wordpress.org/plugins/wp-leads-builder-any-crm/"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/26404b5c-a0f2-4223-be61-1f03873666fb?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Primary"}]}

{}