Approved changes feed: RSS · Atom

cpe:2.3:a:themesgrove:download_manager_and_payment_form_wordpress_plugin_–_wp_smartpay:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorThemesgrove (65977320-902d-53e0-8251-49028d346fc0)
ProductDownload Manager And Payment Form Wordpress Plugin – Wp Smartpay (27280b8a-5d4f-52b6-9885-8c488a32e64e)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2025-3851 vulnerable 2026-06-08 07:23:10.024117 Download Manager and Payment Form WordPress Plugin – WP SmartPay 1.1.0 - 2.7.13 - Authenticated (Subscriber+) Information Exposure
MEDIUM (4.3)
The Download Manager and Payment Form WordPress Plugin – WP SmartPay plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions 1.1.0 to 2.7.13 via the show() function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view other user's data like email address, name, and notes.
Published: 2025-05-07T01:43:07.050Z
Updated: 2025-05-07T14:03:29.117Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.