CVE-2025-3844
PeproDev Ultimate Profile Solutions 1.9.1 - 7.5.2 - Authentication Bypass to Account Takeover
CVSS Score
9.8
EPSS Score
0.0%
EPSS Percentile
0th
The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to Authentication Bypass in versions 1.9.1 to 7.5.2. This is due to handel_ajax_req() function not having proper restrictions on the change_user_meta functionality that makes it possible to set a OTP code and subsequently log in with that OTP code. This makes it possible for unauthenticated attackers to login as other users on the site, including administrators.
| CWE | CWE-288 |
| Vendor | peprodev |
| Product | peprodev ultimate profile solutions |
| Published | May 7, 2025 |
| Last Updated | May 7, 2025 |
Stay Ahead of the Next One
Get instant alerts for peprodev peprodev ultimate profile solutions
Be the first to know when new critical vulnerabilities affecting peprodev peprodev ultimate profile solutions are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
peprodev / PeproDev Ultimate Profile Solutions
1.9.1 โค 7.5.2
References
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/65be9417-7029-4f34-b834-98208a42743b?source=cve plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/peprodev-ups/tags/7.5.2/login/login.php#L1483 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/peprodev-ups/tags/7.5.2/login/login.php#L2836
Credits
Kenneth Dunn