exploitDog

GHSA-rgqx-f26c-5v58

Опубликовано: 26 июл. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

The Melapress Login Security plugin for WordPress is vulnerable to Authentication Bypass due to missing authorization within the get_valid_user_based_on_token() function in versions 2.1.0 to 2.1.1. This makes it possible for unauthenticated attackers who know an arbitrary user meta value to bypass authentication checks and log in as that user.

The Melapress Login Security plugin for WordPress is vulnerable to Authentication Bypass due to missing authorization within the get_valid_user_based_on_token() function in versions 2.1.0 to 2.1.1. This makes it possible for unauthenticated attackers who know an arbitrary user meta value to bypass authentication checks and log in as that user.

Ссылки

EPSS

Процентиль: 71%

0.00666

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-288

Связанные уязвимости

CVE-2025-6895

CVSS3: 9.8

nvd

7 месяцев назад

The Melapress Login Security plugin for WordPress is vulnerable to Authentication Bypass due to missing authorization within the get_valid_user_based_on_token() function in versions 2.1.0 to 2.1.1. This makes it possible for unauthenticated attackers who know an arbitrary user meta value to bypass authentication checks and log in as that user.

EPSS

Процентиль: 71%

0.00666

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-288