Lucene search
K

11 matches found

RedhatCVE
RedhatCVE
added 2025/05/09 2:19 a.m.19 views

CVE-2025-3844

The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to Authentication Bypass in versions 1.9.1 to 7.5.2. This is due to handelajaxreq function not having proper restrictions on the changeusermeta functionality that makes it possible to set a OTP code and subsequently log in...

9.8CVSS7AI score0.00549EPSS
Exploits0References1
NVD
NVD
added 2025/05/07 3:15 a.m.31 views

CVE-2025-3924

The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to unauthorized access of data via its publicly exposed reset-password endpoint. The plugin looks up the 'validemail' value based solely on a supplied username parameter, without verifying that the requester is associated...

5.3CVSS0.00317EPSS
Exploits0References5
NVD
NVD
added 2025/05/07 3:15 a.m.42 views

CVE-2025-3844

The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to Authentication Bypass in versions 1.9.1 to 7.5.2. This is due to handelajaxreq function not having proper restrictions on the changeusermeta functionality that makes it possible to set a OTP code and subsequently log in...

9.8CVSS0.00549EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/05/07 1:43 a.m.18 views

CVE-2025-3921 PeproDev Ultimate Profile Solutions 1.9.1 - 7.5.2 - Missing Authorization to Limited Unauthenticated Arbitrary User Meta Update via handel_ajax_req Function

The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handelajaxreq function in versions 1.9.1 to 7.5.2. This makes it possible for unauthenticated attackers to update arbitrary user's metadata whic...

8.2CVSS0.00378EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/05/07 1:43 a.m.7 views

CVE-2025-3921 PeproDev Ultimate Profile Solutions 1.9.1 - 7.5.2 - Missing Authorization to Limited Unauthenticated Arbitrary User Meta Update via handel_ajax_req Function

The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handelajaxreq function in versions 1.9.1 to 7.5.2. This makes it possible for unauthenticated attackers to update arbitrary user's metadata whic...

8.2CVSS8AI score0.00378EPSS
Exploits0References3
CVE
CVE
added 2025/05/07 1:43 a.m.73 views

CVE-2025-3921

CVE-2025-3921 affects PeproDev Ultimate Profile Solutions (WordPress). The vulnerability is due to a missing capability check in handel_ajax_req(), allowing unauthenticated attackers to modify arbitrary user metadata in versions 1.9.1–7.5.2. Reported impact includes potential admin access disrupt...

8.2CVSS8.1AI score0.00378EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/05/07 1:43 a.m.45 views

CVE-2025-3844 PeproDev Ultimate Profile Solutions 1.9.1 - 7.5.2 - Authentication Bypass to Account Takeover

The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to Authentication Bypass in versions 1.9.1 to 7.5.2. This is due to handelajaxreq function not having proper restrictions on the changeusermeta functionality that makes it possible to set a OTP code and subsequently log in...

9.8CVSS0.00549EPSS
Exploits0References3
CVE
CVE
added 2025/05/07 1:43 a.m.60 views

CVE-2025-3924

CVE-2025-3924 concerns the WordPress plugin PeproDev Ultimate Profile Solutions (versions 1.9.1 through 7.5.2) and describes an endpoint exposed for password reset that returns the candidate email based only on a supplied username. The result is unauthenticated email enumeration, potentially expo...

5.3CVSS5.3AI score0.00317EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/05/07 12:0 a.m.11 views

PT-2025-19911 · WordPress · Peprodev Ultimate Profile Solutions

Name of the Vulnerable Software and Affected Versions: PeproDev Ultimate Profile Solutions plugin for WordPress versions 1.9.1 through 7.5.2 Description: The issue allows unauthorized modification of data due to a missing capability check on the handel ajax req function. This enables...

8.2CVSS8.7AI score0.00378EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2025/05/07 12:0 a.m.5 views

PT-2025-19906 · Peprodev · Peprodev Ultimate Profile Solutions

Name of the Vulnerable Software and Affected Versions: PeproDev Ultimate Profile Solutions versions 1.9.1 through 7.5.2 Description: The issue is related to the lack of proper authentication in the handel ajax req function, specifically with the change user meta functionality. This allows attacke...

9.8CVSS9.4AI score0.00549EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2025/05/07 12:0 a.m.4 views

PT-2025-19912 · WordPress · Peprodev Ultimate Profile Solutions

Name of the Vulnerable Software and Affected Versions: PeproDev Ultimate Profile Solutions plugin for WordPress affected versions not specified Description: The issue allows unauthorized access to data via a publicly exposed reset-password endpoint. The plugin looks up the valid email value based...

5.3CVSS6AI score0.00317EPSS
Exploits0References8
Rows per page
Query Builder