CVE-2025-3924 – PeproDev Ultimate Profile Solutions WordPress Unauthenticated Email Disclosure

May 6, 2025

CVE ID : CVE-2025-3924

Published : May 7, 2025, 3:15 a.m. | 20 minutes ago

Description : The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to unauthorized access of data via its publicly exposed reset-password endpoint. The plugin looks up the ‘valid_email’ value based solely on a supplied username parameter, without verifying that the requester is associated with that user account. This allows unauthenticated attackers to enumerate email addresses for any user, including administrators.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4054 – Relevanssi WordPress Stored Cross-Site Scripting Vulnerability

Next Article CVE-2025-3921 – PeproDev Ultimate Profile Solutions WordPress Unauthenticated Data Modification Vulnerability

The Power Of The Intl API: A Definitive Guide To Browser-Native Internationalization

This week in AI dev tools: GPT-5, Claude Opus 4.1, and more (August 8, 2025)

Elastic simplifies log analytics for SREs and developers with launch of Log Essentials

OpenAI launches GPT-5

5 ways business leaders can transform workplace culture – and it starts by listening

My 4 favorite image editing apps on Linux – and two are free Photoshop alternatives

How Google’s Genie 3 could change AI video – and let you build your own interactive worlds

How you’re charging your tablet is slowly killing it – 3 methods to avoid (and the right way)

Establishing Consistent Data Foundations with Laravel’s Database Population System

Establishing Consistent Data Foundations with Laravel’s Database Population System

Generate Postman Collections from Laravel Routes

This Week in Laravel: Free Laravel Idea, Laracon News, and More

Lenovo Legion Go 2 vs Legion Go — How Do These Gaming Handhelds Compare Based on Rumored Specs?

Lenovo Legion Go 2 vs Legion Go — How Do These Gaming Handhelds Compare Based on Rumored Specs?

9 Default Settings in Windows 11 You Didn’t Know Could Affect Performance and Privacy

DICE Responds to Battlefield 6 Community: Key Updates on Map Flow and Class Mechanics

CVE-2025-3924 – PeproDev Ultimate Profile Solutions WordPress Unauthenticated Email Disclosure

Black Hat USA 2025: Does successful cybersecurity today increase cyber-risk tomorrow?

Black Hat USA 2025: Policy compliance and the myth of the silver bullet

Gourmand Recipe Manager

CVE-2025-4652 – Broadstreet WordPress Reflected Cross-Site Scripting Vulnerability

The best-selling PS5 game this year is by Xbox — it sold twice as many copies as PlayStation exclusive Death Stranding 2 in the same amount of time, and outsold 2024’s GOTY too

15,000 Fake TikTok Shop Domains Deliver Malware, Steal Crypto via AI-Driven Scam Campaign

The Elder Scrolls 4: Oblivion Remastered leaks with screenshots

CVE-2025-4120 – Netgear JWNR2000 Remote Buffer Overflow Vulnerability

AI Agent Examples: Transforming Technology

CVE-2025-48259 – Juan Carlos WP Mapa Politico España CSRF

CVE-2025-3924 – PeproDev Ultimate Profile Solutions WordPress Unauthenticated Email Disclosure

Related Posts