
CVE-2025-13615: CWE-639 Authorization Bypass Through User-Controlled Key in phpface StreamTube Core

Severity: Critical
Tags: Vulnerability, CVE-2025-13615, CWE-639
Published: Sun Nov 30 2025 (11/30/2025, 01:53:13 UTC)
Source: CVE Database V5
Vendor/Project: phpface
Product: StreamTube Core

Description

The StreamTube Core plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 4.78. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unauthenticated attackers to change user passwords and potentially take over administrator accounts. Note: This can only be exploited if the 'registration password fields' are enabled in theme options.

AI-Powered Analysis

AI analysis last updated: 12/07/2025, 04:28:56 UTC

Technical Analysis

CVE-2025-13615 is an authorization bypass vulnerability categorized under CWE-639 affecting the StreamTube Core plugin for WordPress, versions up to and including 4.78. The vulnerability stems from the plugin's improper handling of user-controlled keys that select which object is acted on, allowing an attacker to circumvent authorization checks. Specifically, this flaw enables unauthenticated attackers to arbitrarily change user passwords, including those of administrators, via the 'registration password fields' feature when it is enabled in the theme options. The vulnerability requires neither authentication nor user interaction, so it is exploitable remotely over the network. The CVSS v3.1 base score of 9.8 reflects the critical nature of this vulnerability: network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and high impact on confidentiality, integrity, and availability (C:H/I:H/A:H). An attacker can therefore fully compromise the affected WordPress site, leading to complete takeover, data theft, or site defacement. No official patches or fixes have been linked yet, so mitigation currently relies on disabling the vulnerable feature or applying vendor updates once available. The vulnerability was publicly disclosed on November 30, 2025, and is tracked by the CVE database with no known active exploits reported at this time.
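As an added illustration of the CWE-639 pattern described above (hypothetical example code written for this page, not StreamTube Core's implementation, which is not reproduced here), the following PHP contrasts a WordPress password-change handler that lets the request choose the target user id with a hardened handler that derives the target from the authenticated session, and with WordPress's own reset-key flow for unauthenticated resets. The `example_` function names, the nonce action name and the request field names are assumptions.

```php
<?php
// Added example illustrating CWE-639 (authorization bypass through a
// user-controlled key) in a WordPress password-change handler.
// Hypothetical code; not the StreamTube Core plugin's implementation.

// VULNERABLE pattern: the account whose password is changed is selected by
// a request parameter, so any caller can name any user id. This is the
// class of defect CWE-639 describes.
function example_change_password_vulnerable() {
    $user_id  = intval( $_POST['user_id'] ?? 0 );
    $password = (string) ( $_POST['password'] ?? '' );
    if ( $user_id > 0 && $password !== '' ) {
        // No check that the caller owns $user_id or may edit users.
        wp_set_password( $password, $user_id );
        wp_send_json_success();
    }
    wp_send_json_error( 'invalid request', 400 );
}

// HARDENED pattern: the target user comes from the session, never from the
// request; the request must carry a valid nonce; and the caller must prove
// knowledge of the current password before it is replaced.
function example_change_password_hardened() {
    if ( ! is_user_logged_in() ) {
        wp_send_json_error( 'authentication required', 401 );
    }
    // Third argument false: return the result instead of dying.
    if ( ! check_ajax_referer( 'example_change_password', 'nonce', false ) ) {
        wp_send_json_error( 'invalid nonce', 403 );
    }

    $user_id = get_current_user_id();   // server-side identity, not a request key
    $user    = get_userdata( $user_id );
    $current = (string) ( $_POST['current_password'] ?? '' );
    $new     = (string) ( $_POST['new_password'] ?? '' );

    if ( ! $user || ! wp_check_password( $current, $user->user_pass, $user_id ) ) {
        wp_send_json_error( 'current password incorrect', 403 );
    }
    if ( strlen( $new ) < 12 ) {
        wp_send_json_error( 'password too short', 400 );
    }

    wp_set_password( $new, $user_id );
    wp_send_json_success();
}

// Unauthenticated resets must go through WordPress's reset-key flow: the key
// is a random, expiring secret bound to one account and delivered out of band,
// so the caller cannot choose the target by supplying an id.
function example_reset_with_key( $key, $login, $new ) {
    $user = check_password_reset_key( $key, $login );   // WP_User or WP_Error
    if ( is_wp_error( $user ) ) {
        return $user;
    }
    if ( strlen( $new ) < 12 ) {
        return new WP_Error( 'weak_password', 'password too short' );
    }
    reset_password( $user, $new );
    return true;
}

// Only the hardened handler is exposed, and only to logged-in users
// (the wp_ajax_ prefix, without wp_ajax_nopriv_, restricts it to sessions).
add_action( 'wp_ajax_example_change_password', 'example_change_password_hardened' );
```

The point of the contrast is the source of the target identity: in the hardened handler nothing in the HTTP request can pick which account is modified, which is exactly the property the vulnerable handler lacks. When reviewing a plugin for this class of bug, look for `wp_set_password()` or `wp_update_user()` calls whose user id argument traces back to `$_POST`, `$_GET` or `$_REQUEST` without a `current_user_can()` or ownership check in between.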

Potential Impact

For European organizations, the impact of CVE-2025-13615 is significant due to the widespread use of WordPress as a content management system across various sectors including government, education, media, and commerce. Successful exploitation allows attackers to change passwords of any user, including administrators, leading to full site compromise. This can result in unauthorized data access, data breaches involving personal or sensitive information protected under GDPR, defacement of public-facing websites, disruption of services, and potential use of compromised sites as launchpads for further attacks. The ability to bypass authorization without authentication increases the risk of automated mass exploitation campaigns targeting vulnerable WordPress installations. Organizations relying on StreamTube Core for video content or media delivery are particularly at risk. The breach of administrator accounts can also lead to persistent backdoors and long-term compromise, complicating incident response and recovery efforts. Given the critical severity and ease of exploitation, European entities must act swiftly to mitigate this threat to protect their digital assets and maintain regulatory compliance.

Mitigation Recommendations

1. Immediately verify whether the 'registration password fields' feature is enabled in the theme options of any WordPress sites using the StreamTube Core plugin, and disable it if it is not essential.
2. Monitor the official phpface and WordPress plugin repositories for patches or updates addressing CVE-2025-13615 and apply them promptly once released.
3. Implement web application firewalls (WAFs) with custom rules to detect and block suspicious requests attempting to exploit user-controlled key parameters related to this vulnerability.
4. Conduct thorough audits of user accounts and reset passwords for all users, especially administrators, on affected sites to mitigate potential unauthorized changes.
5. Employ multi-factor authentication (MFA) for WordPress admin accounts to reduce the impact of compromised credentials.
6. Regularly back up WordPress sites and databases to enable rapid restoration in case of compromise.
7. Restrict access to WordPress admin interfaces by IP allowlisting or VPN where feasible to reduce exposure.
8. Educate site administrators about this vulnerability and encourage vigilance for unusual login or password change activity.
9. Use security plugins that can detect unauthorized changes or suspicious behavior within WordPress environments.
10. Maintain an incident response plan tailored for web application compromises to ensure swift containment and remediation.


Technical Details

Data Version: 5.2
Assigner Short Name: Wordfence
Date Reserved: 2025-11-24T18:46:54.192Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 692ba718b00568eef09a0bbf

Added to database: 11/30/2025, 2:08:24 AM

Last enriched: 12/7/2025, 4:28:56 AM

Last updated: 1/14/2026, 9:30:21 AM

