CVE-2025-3776

HIGH Year: 2025
CVSS v3 Score
8.3
High
Weakness Type
CWE-94
View all →

Vulnerability Description

The Verification SMS with TargetSMS plugin for WordPress is vulnerable to limited Remote Code Execution in all versions up to, and including, 1.5 via the 'targetvr_ajax_handler' function. This is due to a lack of validation on the type of function that can be called. This makes it possible for unauthenticated attackers to execute any callable function on the site, such as phpinfo().

Related Vulnerabilities

CVE-2021-42574

HIGH
CVSS:8.3(High)

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft sourc...

CWE-942021

CVE-2021-42694

HIGH
CVSS:8.3(High)

An issue was discovered in the character definitions of the Unicode Specification through 14.0. The specification allows an adversary to produce source code identifiers such as function names using ho...

CWE-942021

CVE-2024-21672

HIGH
CVSS:8.3(High)

This High severity Remote Code Execution (RCE) vulnerability was introduced in version 2.1.0 of Confluence Data Center and Server. Remote Code Execution (RCE) vulnerability, with a CVSS Score of 8.3 a...

CWE-942024

CVE-2024-9593

HIGH
CVSS:8.3(High)

The Time Clock plugin and Time Clock Pro plugin for WordPress are vulnerable to Remote Code Execution in versions up to, and including, 1.2.2 (for Time Clock) and 1.1.4 (for Time Clock Pro) via the 'e...

CWE-942024

CVE-2025-43010

HIGH
CVSS:8.3(High)

SAP S/4HANA Cloud Private Edition or on Premise (SCM Master Data Layer (MDL)) allows an authenticated attacker with SAP standard authorization to execute a certain function module remotely and replace...

CWE-942025

CVE-2016-7102

HIGH
CVSS:8.4(High)

ownCloud Desktop before 2.2.3 allows local users to execute arbitrary code and possibly gain privileges via a Trojan library in a "special path" in the C: drive.

CWE-942016