CVE-2025-46535

🗓️ 25 Apr 2025 08:05:56Reported by PatchstackType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 60 Views

Missing Authorization flaw in AlphaEfficiencyTeam Custom Login allows access control exploitation.

Reporter	Title	Published	Views	Family All 11
ATTACKERKB	CVE-2025-46535	25 Apr 202508:15	–	attackerkb
Circl	CVE-2025-46535	25 Apr 202509:07	–	circl
CNNVD	WordPress plugin Custom Login and Registration 安全漏洞	25 Apr 202500:00	–	cnnvd
Cvelist	CVE-2025-46535 WordPress Custom Login and Registration plugin <= 1.0.0 - Broken Access Control vulnerability	25 Apr 202508:05	–	cvelist
EUVD	EUVD-2025-12386	3 Oct 202520:07	–	euvd
NVD	CVE-2025-46535	25 Apr 202508:15	–	nvd
Patchstack	WordPress Custom Login and Registration plugin <= 1.0.0 - Broken Access Control vulnerability	25 Apr 202508:03	–	patchstack
Positive Technologies	PT-2025-17896 · Alphaefficiencyteam · Custom Login/Registration	25 Apr 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-46535	27 Apr 202508:55	–	redhatcve
Vulnrichment	CVE-2025-46535 WordPress Custom Login and Registration plugin <= 1.0.0 - Broken Access Control vulnerability	25 Apr 202508:05	–	vulnrichment

Vulners

Node

alphaefficiencyteam custom_login_and_registrationRange≤1.0.0wordpress

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "ms-registration",
    "product": "Custom Login and Registration",
    "vendor": "AlphaEfficiencyTeam",
    "versions": [
      {
        "lessThanOrEqual": "1.0.0",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
patchstack	www.patchstack.com/database/wordpress/plugin/ms-registration/vulnerability/wordpress-custom-login-and-registration-plugin-1-0-0-broken-access-control-vulnerability

28 Apr 2026 19:32Current

8.5High risk

Vulners AI Score8.5

CVSS 3.15.4

EPSS0.00099

SSVC

CWE-862