Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    2 vulnerabilities by thedrifted

    CVE-2025-3746 (GCVE-0-2025-3746)

    Vulnerability from nvd – Published: 2025-05-02 01:43 – Updated: 2025-05-12 15:53
    VLAI
    Title
    OTP-less one tap Sign in 2.0.14 - 2.0.59 - Unauthenticated Arbitrary Email Update to Account Takeover/Privilege Escalation
    Summary
    The OTP-less one tap Sign in plugin for WordPress is vulnerable to privilege escalation via account takeover in versions 2.0.14 to 2.0.59. This is due to the plugin not properly validating a user's identity prior to updating their details, like email. This makes it possible for unauthenticated attackers to change arbitrary users' email addresses, including administrators, and leverage that to reset the user's password and gain access to their account. Additionally, the plugin returns authentication cookies in the response, which can be used to access the account directly.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    thedrifted OTP-less one tap Sign in Affected: 2.0.14 , ≤ 2.0.59 (semver)
    Create a notification for this product.
    Credits
    Kenneth Dunn
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3746",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-02T15:18:49.561714Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-12T15:53:02.851Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "OTP-less one tap Sign in",
              "vendor": "thedrifted",
              "versions": [
                {
                  "lessThanOrEqual": "2.0.59",
                  "status": "affected",
                  "version": "2.0.14",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Kenneth Dunn"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The OTP-less one tap Sign in plugin for WordPress is vulnerable to privilege escalation via account takeover in versions 2.0.14 to 2.0.59. This is due to the plugin not properly validating a user\u0027s identity prior to updating their details, like email. This makes it possible for unauthenticated attackers to change arbitrary users\u0027 email addresses, including administrators, and leverage that to reset the user\u0027s password and gain access to their account.\r\nAdditionally, the plugin returns authentication cookies in the response, which can be used to access the account directly."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-02T01:43:35.422Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/63fab608-1a75-4b07-8d82-8ab87e197547?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/otpless/tags/2.0.59./includes/class-login.php"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-04-13T00:00:00.000Z",
              "value": "Discovered"
            },
            {
              "lang": "en",
              "time": "2025-05-01T13:11:34.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "OTP-less one tap Sign in 2.0.14 - 2.0.59 - Unauthenticated Arbitrary Email Update to Account Takeover/Privilege Escalation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2025-3746",
        "datePublished": "2025-05-02T01:43:35.422Z",
        "dateReserved": "2025-04-16T19:23:59.977Z",
        "dateUpdated": "2025-05-12T15:53:02.851Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-3746 (GCVE-0-2025-3746)

    Vulnerability from cvelistv5 – Published: 2025-05-02 01:43 – Updated: 2025-05-12 15:53
    VLAI
    Title
    OTP-less one tap Sign in 2.0.14 - 2.0.59 - Unauthenticated Arbitrary Email Update to Account Takeover/Privilege Escalation
    Summary
    The OTP-less one tap Sign in plugin for WordPress is vulnerable to privilege escalation via account takeover in versions 2.0.14 to 2.0.59. This is due to the plugin not properly validating a user's identity prior to updating their details, like email. This makes it possible for unauthenticated attackers to change arbitrary users' email addresses, including administrators, and leverage that to reset the user's password and gain access to their account. Additionally, the plugin returns authentication cookies in the response, which can be used to access the account directly.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    thedrifted OTP-less one tap Sign in Affected: 2.0.14 , ≤ 2.0.59 (semver)
    Create a notification for this product.
    Credits
    Kenneth Dunn
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3746",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-02T15:18:49.561714Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-12T15:53:02.851Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "OTP-less one tap Sign in",
              "vendor": "thedrifted",
              "versions": [
                {
                  "lessThanOrEqual": "2.0.59",
                  "status": "affected",
                  "version": "2.0.14",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Kenneth Dunn"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The OTP-less one tap Sign in plugin for WordPress is vulnerable to privilege escalation via account takeover in versions 2.0.14 to 2.0.59. This is due to the plugin not properly validating a user\u0027s identity prior to updating their details, like email. This makes it possible for unauthenticated attackers to change arbitrary users\u0027 email addresses, including administrators, and leverage that to reset the user\u0027s password and gain access to their account.\r\nAdditionally, the plugin returns authentication cookies in the response, which can be used to access the account directly."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-02T01:43:35.422Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/63fab608-1a75-4b07-8d82-8ab87e197547?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/otpless/tags/2.0.59./includes/class-login.php"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-04-13T00:00:00.000Z",
              "value": "Discovered"
            },
            {
              "lang": "en",
              "time": "2025-05-01T13:11:34.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "OTP-less one tap Sign in 2.0.14 - 2.0.59 - Unauthenticated Arbitrary Email Update to Account Takeover/Privilege Escalation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2025-3746",
        "datePublished": "2025-05-02T01:43:35.422Z",
        "dateReserved": "2025-04-16T19:23:59.977Z",
        "dateUpdated": "2025-05-12T15:53:02.851Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }