- Description: The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to Authentication Bypass in versions 1.9.1 to 7.5.2. This is due to the handel_ajax_req() function not having proper restrictions on the change_user_meta functionality, which makes it possible to set an OTP code and subsequently log in with that OTP code. This makes it possible for unauthenticated attackers to log in as other users on the site, including administrators.
- Source: security@wordfence.com
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Primary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
- security@wordfence.com
- CWE-288
CVE-2025-3844 (CVSS:9.8, CRITICAL) is Awaiting Analysis. The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to Authentication Bypass in versions 1.9.1 to..https://t.co/a1vVSDTmpu #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
12 May 2025
🚨 CVE-2025-3844 ⚠️🔴 CRITICAL (9.8) 🏢 peprodev - PeproDev Ultimate Profile Solutions 🏗️ 1.9.1 🔗 https://t.co/ZI9u7TvuMg 🔗 https://t.co/MzFdV6q71V 🔗 https://t.co/DGFv5hhkh3 #CyberCron #VulnAlert #InfoSec https://t.co/OX69EuflJB
@cybercronai
7 May 2025