How to fix CVE-2025-5692?

Within 30 days: Identify affected systems running all and apply vendor patches as part of regular patch cycle. Vendor patch is available.

Is PHP affected by CVE-2025-5692?

Organizations using all should be aware of moderate risk from CVE-2025-5692, a missing authorization vulnerability rated CVSS 6.3. Attackers could gain access beyond their authorized level. A patch is available and should be applied during regular vulnerability management.

CVE-2025-5692

EUVD-2025-19710 MEDIUM

2025-07-02 [email protected]

PHP WordPress Authentication Bypass Lead Form Data Collection To Crm

6.3

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

Lifecycle Timeline

Analysis Generated

Mar 16, 2026 - 01:55 vuln.today

EUVD ID Assigned

Mar 16, 2026 - 01:55 euvd

EUVD-2025-19710

Patch Released

Mar 16, 2026 - 01:55 nvd

Patch available

CVE Published

Jul 02, 2025 - 03:15 nvd

MEDIUM 6.3

DescriptionNVD

The Lead Form Data Collection to CRM plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the ~/includes/LB_admin_ajax.php file in all versions up to, and including, 3.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform several actions like updating settings. Initially this CVE was assigned specifically to all AJAX actions and the doFieldAjaxAction() function, however it was determined that CVE-2025-47690 is assigned to the doFieldAjaxAction() function that leads to arbitrary options updates.

AnalysisAI

Technical ContextAI

This vulnerability is classified as Missing Authorization (CWE-862).

RemediationAI

A vendor patch is available. Apply it as soon as possible and verify the fix.

CVE-2025-5692 vulnerability details – vuln.today

Back