CVE-2025-3844

The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to Authentication Bypass in versions 1.9.1 to 7.5.2. This is due to handelajaxreq function not having proper restrictions on the changeusermeta functionality that makes it possible to set a OTP code and subsequently log in...

CVE-2025-3924

The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to unauthorized access of data via its publicly exposed reset-password endpoint. The plugin looks up the 'validemail' value based solely on a supplied username parameter, without verifying that the requester is associated...

CVE-2025-3844

The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to Authentication Bypass in versions 1.9.1 to 7.5.2. This is due to handelajaxreq function not having proper restrictions on the changeusermeta functionality that makes it possible to set a OTP code and subsequently log in...

CVE-2025-3921 PeproDev Ultimate Profile Solutions 1.9.1 - 7.5.2 - Missing Authorization to Limited Unauthenticated Arbitrary User Meta Update via handel_ajax_req Function

The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handelajaxreq function in versions 1.9.1 to 7.5.2. This makes it possible for unauthenticated attackers to update arbitrary user's metadata whic...

CVE-2025-3921 PeproDev Ultimate Profile Solutions 1.9.1 - 7.5.2 - Missing Authorization to Limited Unauthenticated Arbitrary User Meta Update via handel_ajax_req Function

The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handelajaxreq function in versions 1.9.1 to 7.5.2. This makes it possible for unauthenticated attackers to update arbitrary user's metadata whic...

CVE-2025-3921

CVE-2025-3921 affects PeproDev Ultimate Profile Solutions (WordPress). The vulnerability is due to a missing capability check in handel_ajax_req(), allowing unauthenticated attackers to modify arbitrary user metadata in versions 1.9.1–7.5.2. Reported impact includes potential admin access disrupt...

CVE-2025-3924

CVE-2025-3924 concerns the WordPress plugin PeproDev Ultimate Profile Solutions (versions 1.9.1 through 7.5.2) and describes an endpoint exposed for password reset that returns the candidate email based only on a supplied username. The result is unauthenticated email enumeration, potentially expo...

CVE-2025-3844 PeproDev Ultimate Profile Solutions 1.9.1 - 7.5.2 - Authentication Bypass to Account Takeover

The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to Authentication Bypass in versions 1.9.1 to 7.5.2. This is due to handelajaxreq function not having proper restrictions on the changeusermeta functionality that makes it possible to set a OTP code and subsequently log in...

PT-2025-19912 · WordPress · Peprodev Ultimate Profile Solutions

Name of the Vulnerable Software and Affected Versions: PeproDev Ultimate Profile Solutions plugin for WordPress affected versions not specified Description: The issue allows unauthorized access to data via a publicly exposed reset-password endpoint. The plugin looks up the valid email value based...

WordPress plugin PeproDev Ultimate Profile Solutions 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

WordPress plugin PeproDev Ultimate Profile Solutions 授权问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. An authorization issue vulnerabilit...

PT-2025-19911 · WordPress · Peprodev Ultimate Profile Solutions

Name of the Vulnerable Software and Affected Versions: PeproDev Ultimate Profile Solutions plugin for WordPress versions 1.9.1 through 7.5.2 Description: The issue allows unauthorized modification of data due to a missing capability check on the handel ajax req function. This enables...

PT-2025-19906 · Peprodev · Peprodev Ultimate Profile Solutions

Name of the Vulnerable Software and Affected Versions: PeproDev Ultimate Profile Solutions versions 1.9.1 through 7.5.2 Description: The issue is related to the lack of proper authentication in the handel ajax req function, specifically with the change user meta functionality. This allows attacke...

WordPress plugin PeproDev Ultimate Profile Solutions 授权问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. An authorization issue...