Lucene search
K

4 matches found

Circl
Circl
added 2025/04/24 9:12 a.m.8 views

CVE-2025-3607

creationtimestamp| type| source ---|---|--- 2025-04-24 09:12:18+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/13204 2025-04-24 10:15:14+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lnkhz7moqe2h 2025-04-24 11:48:23+00:00| seen|...

8.8CVSS8.7AI score0.00374EPSS
Exploits0References4
CVE
CVE
added 2025/04/24 8:23 a.m.64 views

CVE-2025-3607

CVE-2025-3607 affects the WordPress plugin Frontend Login and Registration Blocks (versions up to 1.0.7). The issue is privilege escalation via password reset: an authenticated user with Subscriber-level access (or higher) can update arbitrary user passwords without proper identity validation, en...

8.8CVSS7.4AI score0.00374EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/04/24 8:23 a.m.20 views

CVE-2025-3607 Frontend Login and Registration Blocks <= 1.0.8 - Authenticated (Subscriber+) Privilege Escalation via Password Reset

The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.8. This is due to the plugin not properly validating a user's identity prior to updating a password. This makes it possible for...

8.8CVSS0.00374EPSS
Exploits0References4
Patchstack
Patchstack
added 2025/04/23 8:51 p.m.11 views

WordPress Frontend Login and Registration Blocks plugin <= 1.0.7 - Authenticated (Subscriber+) Privilege Escalation via Password Reset vulnerability

Authenticated Subscriber+ Privilege Escalation via Password Reset vulnerability discovered by kr0d in WordPress Plugin Frontend Login and Registration Blocks versions = 1.0.8...

8.8CVSS8.4AI score0.00374EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder