Cyber Resilience

CVE-2025-7695

Severity: High

Published: 24 July 2025

Modified: 15 April 2026
KEV Added: none
Patch:
CVSS Score (v3.1): 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0033 (56.5th percentile)
Risk Priority: 18 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-7695 is a high-severity Missing Authorization (CWE-862) vulnerability in WordPress (the affected product is inferred from the references; see Affected Assets). Its CVSS v3.1 base score is 8.8 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks in the top 43.5% of CVEs by exploit likelihood (EPSS), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2025-7695 is a privilege escalation vulnerability in the Dataverse Integration plugin for WordPress, affecting versions 2.77 through 2.81. The issue stems from missing authorization checks in the reset_password_link REST endpoint, where the handler accepts a client-supplied user identifier such as an ID, email, or login, looks up the corresponding user, and unconditionally calls get_password_reset_key(). The endpoint only verifies that the caller is authenticated, without confirming ownership or edit permissions for the target account. This flaw is rated with a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-862 (Missing Authorization).

An attacker with Subscriber-level access or higher, who is already authenticated to the WordPress site, can exploit this vulnerability remotely over the network with low complexity and no user interaction required. By sending a crafted request to the reset_password_link endpoint with an administrator's user details, the attacker obtains a valid password reset link for that account. This enables full account hijacking, potentially granting the attacker administrative privileges on the site.

References include source code locations in AuthenticatedEndpoint.php and GetResetUserPasswordLink.php, a plugin changeset from 3323579 to 3329717 indicating a potential patch commit, the plugin's developers page on WordPress.org, and a Wordfence threat intelligence entry for the vulnerability. Security practitioners should review these for patch details and update to a fixed version if available.

Vulnerability details

The Dataverse Integration plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization checks within its reset_password_link REST endpoint in versions 2.77 through 2.81. The endpoint's handler accepts a client-supplied id, email, or login, looks up that user, and calls get_password_reset_key() unconditionally. Because it only checks that the caller is authenticated, and not that they own or may edit the target account, any authenticated attacker, with Subscriber-level access and above, can obtain a password reset link for an administrator and hijack that account.
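The defect described above is a permission check that stops at "is the caller logged in?" instead of "may the caller act on the target account?". The following is an added illustration, not the Dataverse Integration plugin's code: it registers two hypothetical WordPress REST routes under an invented `example/v1` namespace, the first with the authentication-only pattern the advisory describes, the second with a permission callback bound to the target user via WordPress's `edit_user` meta capability. All route and function names (`example_*`) are assumed for the illustration; the WordPress API calls (`register_rest_route`, `get_user_by`, `current_user_can`, `get_password_reset_key`, `network_site_url`) are the real core functions.

```php
<?php
/**
 * Illustrative WordPress REST endpoint (hypothetical "example/v1" namespace).
 * Added example; this is NOT the Dataverse Integration plugin's code.
 */

// VULNERABLE PATTERN: the permission callback only confirms the caller is logged in.
// Authentication is checked, authorization against the *target* account is not,
// so any Subscriber can request a reset link for any other account.
add_action( 'rest_api_init', function () {
    register_rest_route( 'example/v1', '/reset_password_link_unchecked', array(
        'methods'             => 'POST',
        'permission_callback' => 'is_user_logged_in',          // authentication only
        'callback'            => 'example_reset_link_handler', // no ownership check
    ) );
} );

// HARDENED PATTERN: the permission callback resolves the target user first and
// requires the caller to hold edit_user on that specific account.
add_action( 'rest_api_init', function () {
    register_rest_route( 'example/v1', '/reset_password_link', array(
        'methods'             => 'POST',
        'permission_callback' => 'example_reset_link_permission',
        'callback'            => 'example_reset_link_handler',
        'args'                => array(
            'user' => array( 'required' => true, 'type' => 'string' ),
        ),
    ) );
} );

/** Resolve the caller-supplied identifier (numeric ID, email or login) to a WP_User, or null. */
function example_resolve_user( WP_REST_Request $request ) {
    $ident = (string) $request->get_param( 'user' );
    if ( ctype_digit( $ident ) ) {
        $user = get_user_by( 'id', (int) $ident );
    } elseif ( is_email( $ident ) ) {
        $user = get_user_by( 'email', $ident );
    } else {
        $user = get_user_by( 'login', $ident );
    }
    return $user ? $user : null;
}

/** Permission callback: caller must be authenticated AND allowed to edit the target account. */
function example_reset_link_permission( WP_REST_Request $request ) {
    if ( ! is_user_logged_in() ) {
        return new WP_Error( 'rest_forbidden', 'Authentication required.', array( 'status' => 401 ) );
    }
    $user = example_resolve_user( $request );
    if ( ! $user ) {
        // Same error as the authorization failure so the endpoint does not reveal
        // whether an identifier belongs to an existing account.
        return new WP_Error( 'rest_forbidden', 'Not allowed.', array( 'status' => 403 ) );
    }
    // edit_user is a meta capability: WordPress grants it for the caller's own
    // account, and for other accounts only to users holding edit_users.
    if ( ! current_user_can( 'edit_user', $user->ID ) ) {
        // Denied cross-account requests are worth logging; a Subscriber repeatedly
        // naming administrator accounts is a detection signal for this bug class.
        error_log( sprintf(
            'reset_password_link denied: caller %d targeted user %d',
            get_current_user_id(), $user->ID
        ) );
        return new WP_Error( 'rest_forbidden', 'Not allowed.', array( 'status' => 403 ) );
    }
    return true;
}

/** Handler shared by both routes; only the permission callback differs. */
function example_reset_link_handler( WP_REST_Request $request ) {
    $user = example_resolve_user( $request );
    if ( ! $user ) {
        return new WP_Error( 'not_found', 'Unknown user.', array( 'status' => 404 ) );
    }
    $key = get_password_reset_key( $user ); // string on success, WP_Error on failure
    if ( is_wp_error( $key ) ) {
        return $key;
    }
    // Same link format WordPress core uses for password resets.
    $link = network_site_url(
        'wp-login.php?action=rp&key=' . rawurlencode( $key )
            . '&login=' . rawurlencode( $user->user_login ),
        'login'
    );
    return rest_ensure_response( array( 'reset_link' => $link ) );
}
```

Two design points follow from the advisory. First, the authorization decision belongs in the `permission_callback`, evaluated against the resolved target user rather than against the caller alone; `is_user_logged_in` alone is exactly the check the advisory says is insufficient. Second, returning the reset link in the response at all is a liability: a stricter design would e-mail the link to the target account's registered address (as core's lost-password flow does) and return only a status, so that even a future authorization regression would not hand the link to the caller.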

CWE(s)

CWE-862 (Missing Authorization)

Related Threats

MITRE ATT&CK Enterprise Techniques [AI]

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Missing authorization in password reset endpoint directly enables authenticated privilege escalation to admin via account hijacking.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-8547 (shared CWE-862)
CVE-2026-22172 (shared CWE-862)
CVE-2025-48574 (shared CWE-862)
CVE-2026-0026 (shared CWE-862)
CVE-2025-48578 (shared CWE-862)
CVE-2025-48634 (shared CWE-862)
CVE-2026-28193 (shared CWE-862)
CVE-2026-0845 (shared CWE-862)
CVE-2025-49723 (shared CWE-862)
CVE-2024-12171 (shared CWE-862)

Affected Assets

WordPress
(inferred from references and description; NVD did not file a CPE for this CVE)

Mitigating Controls (NIST 800-53 r5) [AI]

[prevent] AC-3 (Access Enforcement): requires enforcement of approved authorizations for access to resources, directly addressing the missing authorization checks in the reset_password_link endpoint that allow any authenticated user to target administrator accounts.

[prevent] AC-6 (Least Privilege): enforces the principle of least privilege, preventing Subscriber-level users from performing privilege-escalating actions like generating password reset links for administrators.

[prevent] AC-2 (Account Management): mandates proper account management, including authorization of account changes and reviews, mitigating unauthorized password resets that enable account hijacking.

References