CVE-2025-3844 – PeproDev Ultimate Profile Solutions WordPress Authentication Bypass

May 6, 2025

CVE ID : CVE-2025-3844

Published : May 7, 2025, 3:15 a.m. | 20 minutes ago

Description : The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to Authentication Bypass in versions 1.9.1 to 7.5.2. This is due to handel_ajax_req() function not having proper restrictions on the change_user_meta functionality that makes it possible to set a OTP code and subsequently log in with that OTP code. This makes it possible for unauthenticated attackers to login as other users on the site, including administrators.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3851 – WordPress SmartPay Insecure Direct Object Reference Vulnerability

Next Article CVE-2025-2821 – WordPress Search Exclude Plugin Unauthenticated Data Modification

Highlights

CVE-2025-3958 – Withstars Books-Management-System Cross-Site Scripting Vulnerability

April 27, 2025

CVE ID : CVE-2025-3958

Published : April 27, 2025, 4:15 a.m. | 4 hours ago

Description : A vulnerability was found in withstars Books-Management-System 1.0. It has been classified as problematic. Affected is an unknown function of the file /book_edit_do.html of the component Book Edit Page. The manipulation of the argument Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. This vulnerability only affects products that are no longer supported by the maintainer.

Severity: 3.5 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Agent Mode for Gemini added to Android Studio

Google’s Agent2Agent protocol finds new home at the Linux Foundation

Decoding The SVG path Element: Curve And Arc Commands

This week in AI dev tools: Gemini 2.5 Pro and Flash GA, GitHub Copilot Spaces, and more (June 20, 2025)

Microsoft is reportedly planning yet more major cuts at Xbox — as early as next week

Microsoft makes Windows 10 security updates FREE for an extra year — but there’s a catch, and you might not like it

“Deus Ex” just turned 25 years old and it’s still the best PC game of all time — you only need $2 to play it on practically anything

Where to buy a Meta Quest 3S Xbox Edition — and why it’s a better bargain than the “normal” Meta Quest 3S

Vite 7.0 Is Out

Vite 7.0 Is Out

Exploring JavaScript ES2025 Edition

Mastering Mixed DML Operations in Apex

Microsoft is reportedly planning yet more major cuts at Xbox — as early as next week

Microsoft is reportedly planning yet more major cuts at Xbox — as early as next week

Microsoft makes Windows 10 security updates FREE for an extra year — but there’s a catch, and you might not like it

“Deus Ex” just turned 25 years old and it’s still the best PC game of all time — you only need $2 to play it on practically anything

CVE-2025-3844 – PeproDev Ultimate Profile Solutions WordPress Authentication Bypass

Rogue WordPress Plugin Unmasked: Stealthy Malware Skims Credit Cards & Steals Credentials

Urgent Advantech Alert: Critical Flaws (CVSS 9.6) Expose Industrial Automation to Remote Takeover, PoC Releases

Go Fixes Three Security Flaws: Update Your Apps Now!

CVE-2025-48080 – Uncanny Owl Uncanny Toolkit for LearnDash Stored Cross-site Scripting

CVE-2025-4844 – FreeFloat FTP Server CD Command Handler Buffer Overflow Vulnerability

CVE-2025-4613 – Google Web Designer Path Traversal Remote Code Execution Vulnerability

CVE-2025-3958 – Withstars Books-Management-System Cross-Site Scripting Vulnerability

Four trends reshaping Kubernetes platform engineering

Extend your Amazon Q Business with PagerDuty Advance data accessor

Windows 11 Integrates Model Context Protocol to Power AI Agents with Enhanced Security

CVE-2025-3844 – PeproDev Ultimate Profile Solutions WordPress Authentication Bypass

Related Posts