A vulnerability, which was classified as problematic, was found in WCFM Plugin up to 6.7.16 on WordPress. Affected is the function
wcfm_redirect_to_setup
of the component Setting Handler. The manipulation leads to missing authorization.
This vulnerability is traded as CVE-2025-3780. It is possible to launch the attack remotely. There is no exploit available.