CVE-2025-3921 – PeproDev Ultimate Profile Solutions WordPress Unauthenticated Data Modification Vulnerability

May 6, 2025

CVE ID : CVE-2025-3921

Published : May 7, 2025, 3:15 a.m. | 20 minutes ago

Description : The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handel_ajax_req() function in versions 1.9.1 to 7.5.2. This makes it possible for unauthenticated attackers to update arbitrary user’s metadata which can be leveraged to block an administrator from accessing their site when wp_capabilities is set to 0.

Severity: 8.2 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3924 – PeproDev Ultimate Profile Solutions WordPress Unauthenticated Email Disclosure

Next Article CVE-2025-3860 – CarDealerPress for WordPress Stored Cross-Site Scripting Vulnerability

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

This Motorola Razr deal at Best Buy is the top offer I’ve seen on the flip phone

Google Maps can identify and save places in your screenshots – here’s how

T-Mobile is giving loyal users a free line right now – how to see if you qualify

CTA warns of tariff-fueled price hikes on consumer tech – but it’s not all bad news

Big Node, VS Code, and Mantine updates

Big Node, VS Code, and Mantine updates

Prepare for Contact Center Week with Colleen Eager

Preparing for the Unthinkable: Safeguarding People and Productivity During India-Pakistan Conflicts

Microsoft confirms Offline Calendar for New Outlook on Windows 11

Microsoft confirms Offline Calendar for New Outlook on Windows 11

Windows 11 Microsoft Store tests Copilot integration to increase app downloads

Beyond APT: Software Management with Flatpak on Ubuntu

CVE-2025-3921 – PeproDev Ultimate Profile Solutions WordPress Unauthenticated Data Modification Vulnerability

Nmap 7.96 Launches with Lightning-Fast DNS and 612 Scripts

CVE-2025-4495 – JAdmin-JAVA Cross-Site Scripting Vulnerability

Epic Mickey: Rebrushed gets release date and collector’s edition, but PC players are going to miss out on a couple things only available on consoles

Why the road from passwords to passkeys is long, bumpy, and worth it – probably

EC-DIT: Scaling Diffusion Transformers with Adaptive Expert-Choice Routing

How SSH Authentication with GitHub Works Under the Hood

How Cognistx’s SQUARY AI is Redefining Information Access

10 ways to create more sustainable websites

Part 2: Read and Validate PDF Text Content in Browser Using PDFBox and Selenium

Russian National Indicted for Cyber Attacks on Ukraine Before 2022 Invasion

CVE-2025-3921 – PeproDev Ultimate Profile Solutions WordPress Unauthenticated Data Modification Vulnerability

Related Posts