{"id":33928,"date":"2025-04-30T12:08:14","date_gmt":"2025-04-30T12:08:14","guid":{"rendered":""},"modified":"2025-05-11T12:34:40","modified_gmt":"2025-05-11T12:34:40","slug":"cve-2025-3101-privilege-escalation-vulnerability-in-configurator-theme-core-plugin-for-wordpress","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-3101-privilege-escalation-vulnerability-in-configurator-theme-core-plugin-for-wordpress\/","title":{"rendered":"CVE-2025-3101: Privilege Escalation Vulnerability in Configurator Theme Core Plugin for WordPress<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

The CVE-2025-3101 vulnerability poses a significant risk to all users of the Configurator Theme Core plugin for WordPress. This exploit allows authenticated attackers, even those with the most basic Subscriber-level access, to escalate their privileges to Administrator. Any website using all versions up to and including 1.4.7 of the plugin is at risk. The implications of an attacker gaining Administrator privileges on a website are enormous, potentially leading to system<\/a> compromise or extensive data leakage.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-3101
\nSeverity: High (8.8 CVSS)
\nAttack Vector: Network
\nPrivileges Required: Low (Subscriber-level access)
\nUser Interaction: None
\nImpact: System compromise<\/a> or data leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n Share secrets securely\r\n <\/h2>\r\n\r\n

\r\n Ameeba is private infrastructure for communication and sensitive work built on encrypted identity instead of exposed corporate identity systems.\r\n <\/p>\r\n\r\n

\r\n Passwords, credentials, confidential files, screenshots, internal discussions, sensitive AI context, and private coordination should not become exposed across ordinary communication platforms.\r\n <\/p>\r\n\r\n