4 matches found
CVE-2025-3607
creationtimestamp| type| source ---|---|--- 2025-04-24 09:12:18+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/13204 2025-04-24 10:15:14+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lnkhz7moqe2h 2025-04-24 11:48:23+00:00| seen|...
CVE-2025-3607
CVE-2025-3607 affects the WordPress plugin Frontend Login and Registration Blocks (versions up to 1.0.7). The issue is privilege escalation via password reset: an authenticated user with Subscriber-level access (or higher) can update arbitrary user passwords without proper identity validation, en...
CVE-2025-3607 Frontend Login and Registration Blocks <= 1.0.8 - Authenticated (Subscriber+) Privilege Escalation via Password Reset
The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.8. This is due to the plugin not properly validating a user's identity prior to updating a password. This makes it possible for...
WordPress Frontend Login and Registration Blocks plugin <= 1.0.7 - Authenticated (Subscriber+) Privilege Escalation via Password Reset vulnerability
Authenticated Subscriber+ Privilege Escalation via Password Reset vulnerability discovered by kr0d in WordPress Plugin Frontend Login and Registration Blocks versions = 1.0.8...