CVE-2025-3924

The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to unauthorized access of data via its publicly exposed reset-password endpoint. The plugin looks up the 'valid_email' value based solely on a supplied username parameter, without verifying that the requester is associated with that user account. This allows unauthenticated attackers to enumerate email addresses for any user, including administrators.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://plugins.trac.wordpress.org/browser/peprodev-ups/tags/7.5.2/login/login.php#L1483
https://plugins.trac.wordpress.org/browser/peprodev-ups/tags/7.5.2/login/login.php#L2659
https://plugins.trac.wordpress.org/browser/peprodev-ups/tags/7.5.2/login/login.php#L2810
https://wordpress.org/plugins/peprodev-ups/#developers
https://www.wordfence.com/threat-intel/vulnerabilities/id/7bb36c0f-68b3-492e-9f08-fe6228b0363f?source=cve

Configurations

No configuration.

History

07 May 2025, 14:13

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-07 03:15

Updated : 2025-05-07 14:13

NVD link : CVE-2025-3924

Mitre link : CVE-2025-3924

CVE.ORG link : CVE-2025-3924

JSON object : View

Products Affected

No product.

CWE

CWE-285

Improper Authorization

{"id": "CVE-2025-3924", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "security@wordfence.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2025-05-07T03:15:18.733", "references": [{"url": "https://plugins.trac.wordpress.org/browser/peprodev-ups/tags/7.5.2/login/login.php#L1483", "source": "security@wordfence.com"}, {"url": "https://plugins.trac.wordpress.org/browser/peprodev-ups/tags/7.5.2/login/login.php#L2659", "source": "security@wordfence.com"}, {"url": "https://plugins.trac.wordpress.org/browser/peprodev-ups/tags/7.5.2/login/login.php#L2810", "source": "security@wordfence.com"}, {"url": "https://wordpress.org/plugins/peprodev-ups/#developers", "source": "security@wordfence.com"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7bb36c0f-68b3-492e-9f08-fe6228b0363f?source=cve", "source": "security@wordfence.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "security@wordfence.com", "description": [{"lang": "en", "value": "CWE-285"}]}], "descriptions": [{"lang": "en", "value": "The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to unauthorized access of data via its publicly exposed reset-password endpoint. The plugin looks up the 'valid_email' value based solely on a supplied username parameter, without verifying that the requester is associated with that user account. This allows unauthenticated attackers to enumerate email addresses for any user, including administrators."}, {"lang": "es", "value": "El complemento PeproDev Ultimate Profile Solutions para WordPress es vulnerable al acceso no autorizado a datos a trav\u00e9s de su endpoint de restablecimiento de contrase\u00f1a, expuesto p\u00fablicamente. El complemento busca el valor 'valid_email' bas\u00e1ndose \u00fanicamente en el par\u00e1metro de nombre de usuario proporcionado, sin verificar que el solicitante est\u00e9 asociado a esa cuenta de usuario. Esto permite a atacantes no autenticados enumerar las direcciones de correo electr\u00f3nico de cualquier usuario, incluidos los administradores."}], "lastModified": "2025-05-07T14:13:20.483", "sourceIdentifier": "security@wordfence.com"}