CVE-2025-31643
Unknown Unknown - Not Provided

Incorrect Privilege Assignment in WPCHURCH Allows Privilege Escalation

Vulnerability report for CVE-2025-31643, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-01-07

Last updated on: 2026-04-28

Assigner: Patchstack

Description

Incorrect Privilege Assignment vulnerability in Dasinfomedia WPCHURCH allows Privilege Escalation.This issue affects WPCHURCH: from n/a through 2.7.0.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-01-07
Last Modified
2026-04-28
Generated
2026-07-06
AI Q&A
2026-01-07
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
dasinfomedia wpchurch to 2.7.0 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-266 A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2025-31643 is a high-priority privilege escalation vulnerability in the WordPress WPCHURCH plugin (versions up to 2.7.0). It allows a malicious user with a low-privileged account, such as a subscriber, to escalate their privileges to a higher level, potentially gaining full control over the affected website. This vulnerability is classified under OWASP Top 10 A3: Injection and has a CVSS score of 8.8, indicating it is highly dangerous and likely to be exploited. [1]

Impact Analysis

This vulnerability can allow an attacker with minimal access (subscriber-level) to escalate their privileges and gain full control over your WordPress website using the WPCHURCH plugin. This could lead to unauthorized access, data manipulation, site defacement, or complete takeover of the website, severely compromising its security and integrity. [1]

Mitigation Strategies

Users should immediately apply the mitigation rule issued by Patchstack to block attacks exploiting this vulnerability until an official patch is released. This mitigation helps protect WordPress sites running the WPCHURCH plugin versions up to 2.7.0 from privilege escalation attacks. Implementing automated protection solutions from Patchstack is also recommended to secure the site. [1]

Detection Guidance

There is no specific information provided about detection commands or methods to identify this vulnerability on your network or system. However, Patchstack has issued a mitigation rule to block attacks exploiting this vulnerability until an official patch is released. It is recommended to apply this mitigation rule immediately to protect your site. No explicit detection commands or network indicators are mentioned in the provided resources. [1]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-31643. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart