How severe is CVE-2025-3438?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.3 out of 10.

What type of vulnerability is CVE-2025-3438?

This is classified as CWE-269, which is a common weakness in software security.

CVE-2025-3438 - HIGH Severity | CVSS 7.3

Vulnerability Description

The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to limited privilege escalation in all versions up to, and including, 4.17.4. This is due to a lack of restriction of role when registering. This makes it possible for unauthenticated attackers to to register with the 'wcfm_vendor' role, which is a Store Vendor role in the WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin for WordPress. The vulnerability can only be exploited if the WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin is installed and activated. The vulnerability was partially patched in version 4.17.3.

Related Vulnerabilities

CVE-2013-2012

HIGH

CVSS:7.3(High)

autojump before 21.5.8 allows local users to gain privileges via a Trojan horse custom_install directory in the current working directory.

CWE-2692013

CVE-2017-14484

HIGH

CVSS:7.3(High)

The Gentoo sci-mathematics/gimps package before 28.10-r1 for Great Internet Mersenne Prime Search (GIMPS) allows local users to gain privileges by creating a hard link under /var/lib/gimps, because an...

CWE-2692017

CVE-2019-11270

HIGH

CVSS:7.3(High)

Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability where a malicious client possessing the 'clients.write' authority or scope can bypass the restrictions imposed on clients created vi...

CWE-2692019

CVE-2019-11288

HIGH

CVSS:7.3(High)

In Pivotal tc Server, 3.x versions prior to 3.2.19 and 4.x versions prior to 4.0.10, and Pivotal tc Runtimes, 7.x versions prior to 7.0.99.B, 8.x versions prior to 8.5.47.A, and 9.x versions prior to ...

CWE-2692019

CVE-2022-20739

HIGH

CVSS:7.3(High)

A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as the root user. The attacker...

CWE-2692022

CVE-2022-44732

HIGH

CVSS:7.3(High)

Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39900.

CWE-2692022