
CVE-2025-7665: CWE-862 Missing Authorization in cyberlord92 Miniorange OTP Verification with Firebase

Severity: High
Type: Vulnerability
Tags: CVE-2025-7665, cve, cve-2025-7665, cwe-862
Published: Fri Sep 19 2025 (09/19/2025, 12:27:36 UTC)
Source: CVE Database V5
Vendor/Project: cyberlord92
Product: Miniorange OTP Verification with Firebase

Description

The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the 'handle_mofirebase_form_options' function in versions 3.1.0 to 3.6.2. This makes it possible for unauthenticated attackers to update the default role to Administrator. Premium features must be enabled in order to exploit the vulnerability.

AI-Powered Analysis

Last updated: 09/19/2025, 15:30:33 UTC

Technical Analysis

CVE-2025-7665 is a high-severity vulnerability affecting the Miniorange OTP Verification with Firebase plugin for WordPress, specifically versions 3.1.0 through 3.6.2. The vulnerability arises from a missing authorization check (CWE-862) in the 'handle_mofirebase_form_options' function. This flaw allows unauthenticated attackers to escalate privileges by updating the default user role to Administrator. Exploitation requires that the plugin's premium features be enabled, which suggests that the vulnerable code path is tied to functionality available only in the paid version. The vulnerability is remotely exploitable without any user interaction or authentication, as indicated by the CVSS vector (AV:N/AC:H/PR:N/UI:N). Although the attack complexity is rated high, the impact is critical, affecting confidentiality, integrity, and availability, since an attacker gaining administrator privileges can fully compromise the WordPress site. No known exploits are currently reported in the wild, and no official patches have been linked yet. The vulnerability was reserved in mid-July 2025 and published in September 2025, indicating recent discovery and disclosure. The plugin integrates Firebase OTP verification for WordPress login flows, and this missing authorization check in a critical function handling form options allows attackers to manipulate user roles, effectively bypassing all access controls.

Potential Impact

For European organizations using WordPress sites with the Miniorange OTP Verification with Firebase plugin, this vulnerability poses a significant risk. An attacker exploiting this flaw can gain administrator access, enabling them to modify site content, steal sensitive data, inject malicious code, or disrupt services. This can lead to data breaches involving personal data protected under GDPR, resulting in regulatory fines and reputational damage. Organizations relying on WordPress for e-commerce, customer portals, or internal communications could face operational disruptions and financial losses. Since the vulnerability requires premium features enabled, organizations using the paid version are at direct risk. The ease of remote exploitation without authentication increases the threat level, especially for publicly accessible WordPress sites. Additionally, attackers could use compromised sites as a foothold for lateral movement within corporate networks or for launching further attacks against European infrastructure.

Mitigation Recommendations

European organizations should immediately audit their WordPress installations to identify if the Miniorange OTP Verification with Firebase plugin is installed and whether it is within the affected versions (3.1.0 to 3.6.2). If premium features are enabled, they should consider disabling them temporarily until a patch is available. Since no official patches are linked yet, organizations should monitor vendor announcements closely and apply updates as soon as they are released. As a temporary mitigation, restricting access to the WordPress admin interface by IP whitelisting or web application firewall (WAF) rules can reduce exposure. Implementing strict monitoring and alerting for unexpected changes in user roles or administrative accounts is recommended. Organizations should also review their user role assignments and remove any suspicious administrator accounts. Employing multi-factor authentication (MFA) for all administrator accounts can help mitigate the impact if exploitation occurs. Finally, conducting regular backups and ensuring incident response plans are updated will aid in recovery if an attack happens.
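The audit steps above, as an added example that is not part of the original advisory or the plugin's own code: it reads the output of WP-CLI's `wp plugin list --format=json`, `wp option get default_role` and `wp user list --role=administrator --format=json`, then flags the affected version range, an Administrator default role, and administrator accounts that need review. The plugin slug is a placeholder, and the sample data, baseline admin set and cut-off date are constructed assumptions.

```python
import json
import re
from datetime import datetime

# Placeholder: set to the plugin's directory slug as shown by `wp plugin list`.
PLUGIN_SLUG = "PLUGIN-SLUG-PLACEHOLDER"
AFFECTED_MIN, AFFECTED_MAX = (3, 1, 0), (3, 6, 2)  # range stated in the advisory

def parse_version(text):
    """Turn '3.10.0' into (3, 10, 0) so comparison is numeric, not lexical."""
    return tuple(int(n) for n in re.findall(r"\d+", text)[:3])

def triage(plugins_json, default_role, admins_json, baseline_admins, since):
    """Return review findings for one site from captured WP-CLI output."""
    findings = []
    for plugin in json.loads(plugins_json):
        if plugin["name"] != PLUGIN_SLUG:
            continue
        if AFFECTED_MIN <= parse_version(plugin["version"]) <= AFFECTED_MAX:
            findings.append(
                f"affected plugin version {plugin['version']} ({plugin['status']})")
    # The advisory's impact is a default role changed to Administrator.
    if default_role.strip() == "administrator":
        findings.append("default_role is administrator: new registrations become admins")
    # Flag admins outside the known-good baseline or created after the cut-off.
    for user in json.loads(admins_json):
        registered = datetime.strptime(user["user_registered"], "%Y-%m-%d %H:%M:%S")
        if user["user_login"] not in baseline_admins or registered >= since:
            findings.append(f"review administrator account {user['user_login']}")
    return findings

# Constructed sample data (not from a real site).
SAMPLE_PLUGINS = json.dumps([
    {"name": PLUGIN_SLUG, "status": "active", "version": "3.6.2"},
    {"name": "other-plugin", "status": "active", "version": "3.10.0"},
])
SAMPLE_ADMINS = json.dumps([
    {"ID": 1, "user_login": "siteowner", "user_registered": "2023-02-01 09:00:00"},
    {"ID": 57, "user_login": "newadmin", "user_registered": "2025-09-20 03:14:00"},
])

if __name__ == "__main__":
    for line in triage(SAMPLE_PLUGINS, "administrator\n", SAMPLE_ADMINS,
                       {"siteowner"}, datetime(2025, 9, 19)):
        print(line)
```

Run it on a schedule against each site's captured WP-CLI output and alert on any non-empty result; the baseline admin set should come from a reviewed list, not from the site itself.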


Technical Details

Data Version: 5.1
Assigner Short Name: Wordfence
Date Reserved: 2025-07-14T21:34:58.243Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68cd76f94b8a032c4faa6395

Added to database: 9/19/2025, 3:30:01 PM

Last enriched: 9/19/2025, 3:30:33 PM

Last updated: 10/7/2025, 1:50:37 PM
