CVE-2025-3921 – PeproDev Ultimate Profile Solutions WordPress Unauthenticated Data Modification Vulnerability

May 6, 2025

CVE ID : CVE-2025-3921

Published : May 7, 2025, 3:15 a.m. | 20 minutes ago

Description : The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handel_ajax_req() function in versions 1.9.1 to 7.5.2. This makes it possible for unauthenticated attackers to update arbitrary user’s metadata which can be leveraged to block an administrator from accessing their site when wp_capabilities is set to 0.

Severity: 8.2 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3924 – PeproDev Ultimate Profile Solutions WordPress Unauthenticated Email Disclosure

Next Article CVE-2025-3860 – CarDealerPress for WordPress Stored Cross-Site Scripting Vulnerability

Google’s Agent2Agent protocol finds new home at the Linux Foundation

Decoding The SVG path Element: Curve And Arc Commands

This week in AI dev tools: Gemini 2.5 Pro and Flash GA, GitHub Copilot Spaces, and more (June 20, 2025)

Gemini 2.5 Pro and Flash are generally available and Gemini 2.5 Flash-Lite preview is announced

Summer Game Fest had a bit of a “weird” vibe this year — an extremely mixed bag of weak presentations and interesting titles

The Lenovo Legion Go 2 gets its first release date tease, which could be accurate — but treat with the biggest pinch of salt

Denmark will stick with Windows — government still plans to ditch Microsoft Office

OneDrive user locked out of “30 years worth of photos and work” without any support — calls Microsoft a “Kafkaesque black hole”

Best PHP Project for Final Year Students: Learn, Build, and get Successful with PHPGurukul

Best PHP Project for Final Year Students: Learn, Build, and get Successful with PHPGurukul

Community News: Latest PECL Releases (06.24.2025)

JSON module scripts are now Baseline Newly Available

Summer Game Fest had a bit of a “weird” vibe this year — an extremely mixed bag of weak presentations and interesting titles

Summer Game Fest had a bit of a “weird” vibe this year — an extremely mixed bag of weak presentations and interesting titles

The Lenovo Legion Go 2 gets its first release date tease, which could be accurate — but treat with the biggest pinch of salt

Denmark will stick with Windows — government still plans to ditch Microsoft Office

CVE-2025-3921 – PeproDev Ultimate Profile Solutions WordPress Unauthenticated Data Modification Vulnerability

Multiple vulnerabilities in Sitecore CMS | Kaspersky official blog

Don’t panic, but it’s only a matter of time before critical ‘CitrixBleed 2’ is under attack

PoC Exploit Released for Apache Tomcat DoS Vulnerability

Exploring the Sparse Frontier: How Researchers from Edinburgh, Cohere, and Meta Are Rethinking Attention Mechanisms for Long-Context LLMs

CVE-2022-50232 – Linux Kernel ARM64 UXN Set Vulnerability

CVE-2025-30641 – Trend Micro Deep Security Local Privilege Escalation Vulnerability

Serverless MCP Brings AI-Assisted Debugging to AWS Workflows Within Modern IDEs

CVE-2025-4652 – Broadstreet WordPress Reflected Cross-Site Scripting Vulnerability

You can make a photo come alive with TikTok’s new AI tool – here’s how

SynthID Detector — a new portal to help identify AI-generated content

CVE-2025-3921 – PeproDev Ultimate Profile Solutions WordPress Unauthenticated Data Modification Vulnerability

Related Posts