How severe is CVE-2025-3852?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2025-3852?

This is classified as CWE-269, which is a common weakness in software security.

CVE-2025-3852

HIGH Year: 2025

CVSS v3 Score

8.8

High

Weakness Type

CWE-269

View all →

Vulnerability Description

The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to privilege escalation via account takeover in versions 2.0.0 to 2.6.0. This is due to the plugin not properly validating a user's identity prior to updating their details like email & password through the update() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.

CVE-2010-4664

HIGH

CVSS:8.8(High)

In ConsoleKit before 0.4.2, an intended security policy restriction bypass was found. This flaw allows an authenticated system user to escalate their privileges by initiating a remote VNC session.

CWE-2692010

CVE-2012-6639

HIGH

CVSS:8.8(High)

An privilege elevation vulnerability exists in Cloud-init before 0.7.0 when requests to an untrusted system are submitted for EC2 instance data.

CWE-2692012

CVE-2013-0643

HIGH

CVSS:8.8(High)

The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, does not properly restr...

CWE-2692013

CVE-2013-4583

HIGH

CVSS:8.8(High)

The parse_cmd function in lib/gitlab_shell.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated ...

CWE-2692013