How to fix EUVD-2025-32529?

Within 24 hours: Identify all affected systems running all and apply vendor patches immediately. Monitor vendor channels for patch availability.

Is WordPress affected by EUVD-2025-32529?

Organizations using all face critical risk from CVE-2025-9286 rated CVSS 9.8. Successful exploitation could critically impact the confidentiality, integrity, and availability of affected systems.

EUVD-2025-32529

| CVE-2025-9286 CRITICAL

2025-10-03 [email protected]

9.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 13, 2026 - 19:29 vuln.today

EUVD ID Assigned

Mar 13, 2026 - 19:29 euvd

EUVD-2025-32529

CVE Published

Oct 03, 2025 - 12:15 nvd

CRITICAL 9.8

Description

The Appy Pie Connect for WooCommerce plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within the reset_user_password() REST handler in all versions up to, and including, 1.1.2. This makes it possible for unauthenticated attackers to to reset the password of arbitrary users, including administrators, thereby gaining administrative access.

Analysis

Privilege escalation in Appy Pie Connect for WooCommerce via password reset.

Technical Context

CWE-620.

Affected Products

['Appy Pie Connect for WooCommerce']

Remediation

Update.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.2

CVSS: +49

POC: 0

EUVD-2025-32529 vulnerability details – vuln.today

Back

EUVD-2025-32529

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

EUVD-2025-32529

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code