Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-4335

The Woocommerce Multiple Addresses plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.7.1. This is due to insufficient restrictions on user meta that can be updated through the save_multiple_shipping_addresses() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator.

Published

2025-05-07T03:15:19.370

Last Modified

2025-05-07T14:13:20.483

Status

Awaiting Analysis

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses

Type: Secondary
CWE-269

Affected Vendors & Products

References

https://plugins.trac.wordpress.org/browser/woocommerce-multiple-addresses/trunk/class-woocommerce-multiple-addresses.php#L522 ([email protected])
https://www.wordfence.com/threat-intel/vulnerabilities/id/95e74e70-9dc9-4e63-b371-fd2a38692907?source=cve ([email protected])