CVE-2025-3844 – PeproDev Ultimate Profile Solutions WordPress Authentication Bypass

May 6, 2025

CVE ID : CVE-2025-3844

Published : May 7, 2025, 3:15 a.m. | 20 minutes ago

Description : The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to Authentication Bypass in versions 1.9.1 to 7.5.2. This is due to handel_ajax_req() function not having proper restrictions on the change_user_meta functionality that makes it possible to set a OTP code and subsequently log in with that OTP code. This makes it possible for unauthenticated attackers to login as other users on the site, including administrators.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3851 – WordPress SmartPay Insecure Direct Object Reference Vulnerability

Next Article CVE-2025-2821 – WordPress Search Exclude Plugin Unauthenticated Data Modification

Highlights

CVE-2025-27706 – Absolute Secure Access Cross-Site Scripting

May 28, 2025

CVE ID : CVE-2025-27706

Published : May 28, 2025, 9:15 p.m. | 3 hours, 46 minutes ago

Description : CVE-2025-27706 is a cross-site scripting vulnerability in the management
console of Absolute Secure Access prior to version 13.54. Attackers
with system administrator permissions can interfere with another system
administrator’s use of the management console when the second
administrator visits the page. Attack complexity is low, there are no
preexisting attack requirements, privileges required are high and active
user interaction is required. There is no impact on confidentiality,
the impact on integrity is low and there is no impact on availability.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Power Of The Intl API: A Definitive Guide To Browser-Native Internationalization

This week in AI dev tools: GPT-5, Claude Opus 4.1, and more (August 8, 2025)

Elastic simplifies log analytics for SREs and developers with launch of Log Essentials

OpenAI launches GPT-5

5 ways business leaders can transform workplace culture – and it starts by listening

My 4 favorite image editing apps on Linux – and two are free Photoshop alternatives

How Google’s Genie 3 could change AI video – and let you build your own interactive worlds

How you’re charging your tablet is slowly killing it – 3 methods to avoid (and the right way)

Establishing Consistent Data Foundations with Laravel’s Database Population System

Establishing Consistent Data Foundations with Laravel’s Database Population System

Generate Postman Collections from Laravel Routes

This Week in Laravel: Free Laravel Idea, Laracon News, and More

Lenovo Legion Go 2 vs Legion Go — How Do These Gaming Handhelds Compare Based on Rumored Specs?

Lenovo Legion Go 2 vs Legion Go — How Do These Gaming Handhelds Compare Based on Rumored Specs?

9 Default Settings in Windows 11 You Didn’t Know Could Affect Performance and Privacy

DICE Responds to Battlefield 6 Community: Key Updates on Map Flow and Class Mechanics

CVE-2025-3844 – PeproDev Ultimate Profile Solutions WordPress Authentication Bypass

Black Hat USA 2025: Does successful cybersecurity today increase cyber-risk tomorrow?

Black Hat USA 2025: Policy compliance and the myth of the silver bullet

New Chrome Vulnerability Enables Cross-Origin Data Leak via Loader Referrer Policy

Kyruus builds a generative AI provider matching solution on AWS

CVE-2025-29906 – Finit TTY Authentication Bypass Vulnerability

CVE-2025-49837 – GPT-SoVITS-WebUI Deserialization Vulnerability

CVE-2025-27706 – Absolute Secure Access Cross-Site Scripting

CVE-2025-51671 – PHPGurukul Dairy Farm Shop Management System SQL Injection

CVE-2025-4435 – TarFile Errorlevel Extraction Vulnerability

OpenAI will become a Public Benefit Corporation – here’s what that means

CVE-2025-3844 – PeproDev Ultimate Profile Solutions WordPress Authentication Bypass

Related Posts