CVE-2025-3844 – PeproDev Ultimate Profile Solutions WordPress Authentication Bypass

May 6, 2025

CVE ID : CVE-2025-3844

Published : May 7, 2025, 3:15 a.m. | 20 minutes ago

Description : The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to Authentication Bypass in versions 1.9.1 to 7.5.2. This is due to handel_ajax_req() function not having proper restrictions on the change_user_meta functionality that makes it possible to set a OTP code and subsequently log in with that OTP code. This makes it possible for unauthenticated attackers to login as other users on the site, including administrators.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3851 – WordPress SmartPay Insecure Direct Object Reference Vulnerability

Next Article CVE-2025-2821 – WordPress Search Exclude Plugin Unauthenticated Data Modification

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

Your password manager is under attack, and this new threat makes it worse: How to defend yourself

EcoFlow’s new backyard solar energy system starts at $599 – no installation crews or permits needed

Why Sonos’ cheapest smart speaker is one of my favorites – even a year after its release

7 productivity gadgets I can’t live without (and why they make such a big difference)

Tap into Your PHP Potential with Free Projects at PHPGurukul

Tap into Your PHP Potential with Free Projects at PHPGurukul

Preparing for AI? Here’s How PIM Gets Your Data in Shape

A Closer Look at the AI Assistant of Oracle Analytics

kew v3.2.0 improves internet radio support and more

kew v3.2.0 improves internet radio support and more

GNOME Replace Totem Video Player with Showtime

Placemark is a web-based tool for geospatial data

CVE-2025-3844 – PeproDev Ultimate Profile Solutions WordPress Authentication Bypass

Nmap 7.96 Launches with Lightning-Fast DNS and 612 Scripts

CVE-2025-3528 – OpenShift Mirror Registry Privilege Escalation Vulnerability

How to Create Effective CRM Strategy in 8 Steps

CVE-2025-46346 – YesWiki Stored Cross-Site Scripting (XSS) Vulnerability

I was skeptical of clip-style earbuds, then I took this budget pair on a run

This rugged power bank is one of the fastest I’ve used – and it’s so close to perfect

AssemblyAI Unveils Universal-1: Surpassing Whisper-3 with Groundbreaking Accuracy and Speed in Speech Recognition

Talent in the new normal: How to manage fast-changing tech roles

Bodhi Linux: Nuovo Tema e Moduli Rivisitati nella Prossima Versione

Simplifying Dev Tool Design: From Concept to Execution

CVE-2025-3844 – PeproDev Ultimate Profile Solutions WordPress Authentication Bypass

Related Posts