Primary

Context

Adifier System WordPress Plugin Privilege Escalation Vulnerability Allowing Unauthenticated Password Reset

Vulnerability

A vulnerability in the Adifier System plugin for WordPress, present in all versions through 3.1.7, allows for privilege escalation via account takeover. The issue arises because the plugin fails to properly validate a user's identity before updating account details, such as passwords, through the adifier_recover() function. This flaw enables unauthenticated attackers to reset passwords for any user, including administrators, and gain access to their accounts.

Impact

Exploitation of this vulnerability allows for unauthorized password resets, enabling attackers to take over user accounts, including those of administrators.

Remediation

Users can update to version 3.1.8 or a newer patched version to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

7.4

remediation

7.7

relevance

0.0

threat

0.2

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

7.4

remediation

7.7

relevance

0.0

threat

0.2

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Adifier System WordPress Plugin Privilege Escalation Vulnerability Allowing Unauthenticated Password Reset

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating