Dataverse Integration 2.77 – 2.81 – Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via reset_password_link REST Route

July 24, 2025 invoker category_cve

CVE Details

Basic Information

Title Dataverse Integration 2.77 – 2.81 – Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via reset_password_link REST Route
Type cve
Published 2025-07-24T09:22:21.270Z
Modified 2025-07-24T09:22:21.270Z

Product Information

Vendor alexacrm
Product Dataverse Integration
Version 2.77

CVSS Information

Base Score 8.8 (HIGH)
Attack Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Analysis

AI Description The Dataverse Integration WordPress plugin is vulnerable to privilege escalation due to missing authorization checks. This allows authenticated attackers to obtain password reset links for higher-privileged users, potentially leading to account hijacking.
AI Severity High
AI Vendor WordPress Community
AI Product Dataverse Integration
AI Version 2.77, 2.78, 2.79, 2.80, 2.81

Affected Products

  • alexacrm Dataverse Integration 2.77

Additional Information

CWE List CWE-862
Source Wordfence

Description

The Dataverse Integration plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization checks within its reset_password_link REST endpoint in versions 2.77 through 2.81. The endpoint’s handler accepts a client-supplied id, email, or login, looks up that user, and calls get_password_reset_key() unconditionally. Because it only checks that the caller is authenticated, and not that they own or may edit the target account, any authenticated attacker, with Subscriber-level access and above, can obtain a password reset link for an administrator and hijack that account.

πŸ’­ Join the Security Discussion

πŸ”’ Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.