CVE-2025-3924 – PeproDev Ultimate Profile Solutions WordPress Unauthenticated Email Disclosure

May 6, 2025

CVE ID : CVE-2025-3924

Published : May 7, 2025, 3:15 a.m. | 20 minutes ago

Description : The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to unauthorized access of data via its publicly exposed reset-password endpoint. The plugin looks up the ‘valid_email’ value based solely on a supplied username parameter, without verifying that the requester is associated with that user account. This allows unauthenticated attackers to enumerate email addresses for any user, including administrators.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4054 – Relevanssi WordPress Stored Cross-Site Scripting Vulnerability

Next Article CVE-2025-3921 – PeproDev Ultimate Profile Solutions WordPress Unauthenticated Data Modification Vulnerability

Highlights

CVE-2025-0993 – GitLab Denial of Service

May 22, 2025

CVE ID : CVE-2025-0993

Published : May 22, 2025, 3:16 p.m. | 1 hour, 31 minutes ago

Description : An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. This could allow an authenticated attacker to cause a denial of service condition by exhausting server resources.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Google’s Agent2Agent protocol finds new home at the Linux Foundation

Decoding The SVG path Element: Curve And Arc Commands

This week in AI dev tools: Gemini 2.5 Pro and Flash GA, GitHub Copilot Spaces, and more (June 20, 2025)

Gemini 2.5 Pro and Flash are generally available and Gemini 2.5 Flash-Lite preview is announced

Best early Prime Day Nintendo Switch deals: My 17 favorite sales live now

How I use VirtualBox to run any OS on my Mac – including Linux

Apple will give you a free pair of AirPods when you buy a MacBook or iPad for school – here’s who’s eligible

How Apple’s biggest potential acquisition ever could perplex AI rivals like Google

Music Streaming Platform using PHP and MySQL

Music Streaming Platform using PHP and MySQL

Solutions That Benefit Everyone – Why Inclusive Design Matters for All

Reducing Barriers Across Industries Through Inclusive Design

Windows 11 Installation Assistant Download: 2025 Guide

Windows 11 Installation Assistant Download: 2025 Guide

Didn’t Receive Gears of War: Reloaded Code? Explainer

Fix Vibrant Visuals Greyed Out in Minecraft Bedrock

CVE-2025-3924 – PeproDev Ultimate Profile Solutions WordPress Unauthenticated Email Disclosure

Typhoon-like gang slinging TLS certificate ‘signed’ by the Los Angeles Police Department

Wedding Invitation Scam: SpyMax RAT Targets Indian WhatsApp Users, Stealing OTPs & Banking Credentials

CVE-2025-47424 – Retool Host Header Injection Vulnerability

The Future of Web Design

Pinta 3.0 Released With New Effects and GTK4 Port

Microsoft Teams to block screen capture during meetings starting July 2025

CVE-2025-0993 – GitLab Denial of Service

CVE-2024-23589 – HCL Glovius Cloud Hash Algorithm Weakness

HPE Performance Cluster Manager Vulnerability Allow Remote Attacker to Bypass Authentication

Understanding Accessibility, Inclusive Design, and Universal Design

CVE-2025-3924 – PeproDev Ultimate Profile Solutions WordPress Unauthenticated Email Disclosure

Related Posts