Privilege Escalation Vulnerability in Custom Fields Account Registration for WooCommerce by SilverPlugins
CVE-2025-49379

7.2HIGH

Key Information:

Vendor: WordPress
Status: Custom Fields Account Registration For WooCommerce
Vendor: CVE Published:; 18 December 2025

What is CVE-2025-49379?

A vulnerability exists in the Custom Fields Account Registration for WooCommerce plugin developed by SilverPlugins that allows unauthorized users to escalate their privileges. This issue arises from improper handling of user rights, enabling attackers to gain elevated access and potentially manipulate or compromise sensitive user accounts and data. It is crucial for website owners to update to the latest version to secure their sites against unauthorized access.

Affected Version(s)

Custom Fields Account Registration For Woocommerce <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/cust...

vdb-entry

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 18, 2025
Vulnerability Reserved
Jun 4, 2025

Credit

Denver Jackson | Patchstack Bug Bounty Program

JSON

WordPress

What is CVE-2025-49379?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit