{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-69347", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2025-12-31T20:12:28.143Z", "datePublished": "2026-03-25T16:14:21.905Z", "dateUpdated": "2026-03-26T15:45:38.448Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "subscription", "product": "WPSubscription", "vendor": "Convers Lab", "versions": [{"changes": [{"at": "1.8.11", "status": "unaffected"}], "lessThanOrEqual": "<= 1.8.10", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Jitlada | Patchstack Bug Bounty Program"}], "datePublic": "2026-03-25T17:12:01.697Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Authorization Bypass Through User-Controlled Key vulnerability in Convers Lab WPSubscription subscription allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects WPSubscription: from n/a through <= 1.8.10.</p>"}], "value": "Authorization Bypass Through User-Controlled Key vulnerability in Convers Lab WPSubscription subscription allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPSubscription: from n/a through <= 1.8.10."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-639", "description": "Authorization Bypass Through User-Controlled Key", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-03-25T16:14:21.905Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/subscription/vulnerability/wordpress-wpsubscription-plugin-1-8-10-insecure-direct-object-references-idor-vulnerability?_s_id=cve"}], "title": "WordPress WPSubscription plugin <= 1.8.10 - Insecure Direct Object References (IDOR) vulnerability"}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-26T15:44:41.193316Z", "id": "CVE-2025-69347", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T15:45:38.448Z"}}]}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Authorization Bypass Through User-Controlled Key vulnerability in Convers Lab WPSubscription subscription allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPSubscription: from n/a through <= 1.8.10."}], "id": "CVE-2025-69347", "lastModified": "2026-03-25T17:16:27.690", "metrics": {}, "published": "2026-03-25T17:16:27.690", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/subscription/vulnerability/wordpress-wpsubscription-plugin-1-8-10-insecure-direct-object-references-idor-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "audit@patchstack.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.8.10]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[1.8.11,*]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "WPSubscription", "source": "cna", "vendor": "Convers Lab"}, "product": "wpsubscription", "vendor": "convers_lab"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-03-25T17:28:52.280395+00:00", "value": {"mitigation_remediation": ["Upgrade the WPSubscription plugin to the latest version that addresses the IDOR vulnerability.", "If an upgrade is not immediately possible, restrict access to subscription management pages to administrators only.", "Review and enforce proper role\u2011based access controls within the plugin to ensure that users can only view and edit their own subscription data.", "Monitor the site for anomalous subscription access patterns or repeated invalid identifier requests."], "summary": {"action": "Immediate Patch", "impact": "Unauthorized Data Access / Privilege Escalation"}, "threat_synthesis": {"affected_systems": "Affected systems include the Convers Lab WPSubscription WordPress plugin for all releases up to and including version 1.8.10. Users that have not upgraded from any earlier versions are at risk, regardless of custom configuration.", "description_and_impact": "This vulnerability is an Insecure Direct Object Reference in the WPSubscription plugin, allowing attackers to bypass authorization by manipulating user\u2011controlled keys. The flaw, classified as CWE\u2011639, permits a logged\u2011in user to access or modify subscription data belonging to other users, potentially exposing sensitive information or escalating privileges.", "risk_and_exploitability": "The CVSS score is not disclosed in the available data, and the EPSS score is unavailable, indicating uncertainty about exploitation likelihood. The vulnerability is not listed in the CISA KEV catalog. Attackers likely need to authenticate to the WordPress site and modify query parameters or form fields that reference subscription identifiers. No specific exploit code is documented, but the IDOR nature suggests that unauthenticated or low\u2011privileged users could potentially infer or guess valid identifiers."}}}}, "created": "2026-03-25T21:35:32.524243+00:00", "updated": "2026-03-26T11:40:46.483210+00:00", "vendors": ["convers_lab", "convers_lab$PRODUCT$wpsubscription", "wordpress", "wordpress$PRODUCT$wordpress"]}