Lucene search
+L

4 matches found

circl
circl
added 2025/05/07 2:21 a.m.25 views

CVE-2025-3924

creationtimestamp| type| source ---|---|--- 2025-05-07 02:21:38+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/15245 2025-05-07 04:26:16+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lokkl3i7kg2h 2025-05-07 07:12:51+00:00| seen| https://t.me/cvedetector/24668...

5.3CVSS8.7AI score0.00317EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2025/05/07 1:43 a.m.9 views

CVE-2025-3924 PeproDev Ultimate Profile Solutions 1.9.1 - 7.5.2 - Missing Authorization to Unauthenticated Email Enumeration

The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to unauthorized access of data via its publicly exposed reset-password endpoint. The plugin looks up the 'validemail' value based solely on a supplied username parameter, without verifying that the requester is associated...

5.3CVSS5.3AI score0.00317EPSS
Exploits0References5
cve
cve
added 2025/05/07 1:43 a.m.61 views

CVE-2025-3924

CVE-2025-3924 concerns the WordPress plugin PeproDev Ultimate Profile Solutions (versions 1.9.1 through 7.5.2) and describes an endpoint exposed for password reset that returns the candidate email based only on a supplied username. The result is unauthenticated email enumeration, potentially expo...

5.3CVSS5.3AI score0.00317EPSS
Exploits0References5
patchstack
patchstack
added 2025/05/06 8:45 p.m.8 views

WordPress PeproDev Ultimate Profile Solutions plugin 1.9.1-7.5.2 - Missing Authorization to Unauthenticated Email Enumeration

Missing Authorization to Unauthenticated Email Enumeration vulnerability discovered by kr0d in WordPress Plugin PeproDev Ultimate Profile Solutions versions 1.9.1-7.5.2...

5.3CVSS8.3AI score0.00317EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder