CVE-2025-3793
CVSS 3.1 Score 4.2 of 10 (medium)
Details
Summary
CVE-2025-3793 is a vulnerability affecting the Buddypress Force Password Change plugin for WordPress. This issue allows authenticated attackers, with subscriber-level access and above, to manipulate the 'bp_force_password_ajax' function, which can be exploited to change arbitrary user passwords, including administrator accounts, without proper validation of the authenticating user's identity. This authenticated account takeover vulnerability poses a significant threat, allowing attackers to gain unauthorized access to sensitive user accounts. Versions of the plugin up to and including 0.1 are reportedly affected by this issue.
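The class of flaw described above is an AJAX handler that accepts a target user ID from the request and changes that account's password without checking that the caller is allowed to act on that account. The following is an added example of how such a handler should be written; it is not the Buddypress Force Password Change plugin's code, and the action name `example_force_password`, the function name, the `user_id`, `password`, `current_password` and `nonce` request fields, the 12-character minimum, and the requirement that a self-service change supply the current password are all assumptions made for the illustration. The WordPress functions used (`check_ajax_referer`, `get_current_user_id`, `current_user_can`, `wp_check_password`, `wp_set_password`, `wp_set_auth_cookie`, `wp_send_json_*`) are real core APIs.

```php
<?php
// Added example of a hardened WordPress AJAX password-change handler.
// Not the plugin's code: the hook, function and POST field names are hypothetical.

add_action( 'wp_ajax_example_force_password', 'example_force_password_ajax' );

function example_force_password_ajax() {
    // 1. CSRF protection: the request must carry a nonce issued for this action.
    check_ajax_referer( 'example_force_password', 'nonce' );

    // 2. Identity: wp_ajax_* hooks only fire for logged-in users, but verify it explicitly
    //    rather than relying on the hook prefix.
    $current_user_id = get_current_user_id();
    if ( 0 === $current_user_id ) {
        wp_send_json_error( array( 'message' => 'Not authenticated.' ), 401 );
    }

    // 3. Target account: a user ID taken from the request is untrusted input.
    //    The missing step in the vulnerability described on this page is the
    //    authorization check here: without it, any subscriber could name any
    //    user_id, including an administrator's. 'edit_user' is the core meta
    //    capability that is granted for one's own account or to users who may
    //    edit others (edit_users).
    $target_user_id = isset( $_POST['user_id'] ) ? absint( $_POST['user_id'] ) : $current_user_id;

    if ( $target_user_id !== $current_user_id && ! current_user_can( 'edit_user', $target_user_id ) ) {
        wp_send_json_error( array( 'message' => 'Not allowed to change this account.' ), 403 );
    }

    // 4. Password handling: remove WordPress' added slashes only; do not run a
    //    password through text sanitizers, which would silently alter it.
    $new_password = isset( $_POST['password'] ) ? wp_unslash( $_POST['password'] ) : '';
    if ( strlen( $new_password ) < 12 ) { // assumed policy minimum for this example
        wp_send_json_error( array( 'message' => 'Password must be at least 12 characters.' ), 400 );
    }

    // 5. Self-service change (design choice for this example): require the current
    //    password, so a stolen session cookie alone cannot lock the real owner out.
    if ( $target_user_id === $current_user_id ) {
        $user = get_userdata( $current_user_id );
        $old  = isset( $_POST['current_password'] ) ? wp_unslash( $_POST['current_password'] ) : '';
        if ( ! $user || ! wp_check_password( $old, $user->user_pass, $user->ID ) ) {
            wp_send_json_error( array( 'message' => 'Current password is incorrect.' ), 403 );
        }
    }

    // All checks passed: store the new hash for the authorized target only.
    wp_set_password( $new_password, $target_user_id );

    // Changing the password invalidates the account's existing auth cookies.
    // Re-issue one for a self-service change so the caller is not logged out;
    // for an administrator changing another user's password, that user's
    // sessions should stay invalidated.
    if ( $target_user_id === $current_user_id ) {
        wp_set_auth_cookie( $current_user_id );
    }

    wp_send_json_success( array( 'message' => 'Password updated.' ) );
}
```

Each `wp_send_json_error` call ends the request (it calls `wp_die` internally), so the password is only ever written after the nonce, the caller's identity, and the caller's authorization over the specific target account have all been checked. When reviewing a plugin for this bug class, the question to ask of every password- or profile-changing AJAX handler is whether the target user ID is bound to `get_current_user_id()` or gated by a capability check before it reaches `wp_set_password`.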