- Description
- The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.7. This is due to the plugin not properly validating a user's identity prior to updating a password. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary users' passwords, including administrators', and leverage that to gain access to their accounts.
- Source
- security@wordfence.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- security@wordfence.com
- CWE-620
- Hype score
- Not currently trending
🚨 CVE-2025-3607 🔴 HIGH (8.8) 🏢 arkenon - Frontend Login and Registration Blocks 🏗️ * 🔗 https://t.co/owme9MWfB1 🔗 https://t.co/nQAxkMde8h #CyberCron #VulnAlert #InfoSec https://t.co/qZmYmkMd56
@cybercronai
24 Apr 2025
CVE-2025-3607 WordPress Frontend Login and Registration Blocks Plugin Privilege ... https://t.co/1wHTlpDTAi Vulnerability Alert Subscriptions: https://t.co/hrQhy5uz4x
@VulmonFeeds
24 Apr 2025
CVE-2025-3607 - WordPress - HIGH 🚨 🗓️ Date published 2025-04-24 09:15:31 UTC #WordPress #CyberSecurity #InfoSec #Vulnerability #TechNews https://t.co/wh4t2QZE1B
@vulns_space
24 Apr 2025
[CVE-2025-3607: HIGH] Vulnerable WordPress plugin allows unauthorized users with Subscriber-level access to change passwords of other users, including admins, through account takeover due to lack of proper val...#cve,CVE-2025-3607,#cybersecurity https://t.co/LYaRnAyzDp https://t.
@CveFindCom
24 Apr 2025
CVE-2025-3607 The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.7. … https://t.co/EAcAVsOqhV
@CVEnew
24 Apr 2025