CVE-2025-2876
Published 2025-04-08
Priority: P3 · 46 · high
CVSS 3.1: 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L)
EPSS: 0.33% (24.8th percentile)
The MelaPress Login Security and MelaPress Login Security Premium plugins for WordPress are vulnerable to unauthorized loss of data due to a missing capability check on the 'monitor_admin_actions' function in version 2.1.0. This makes it possible for unauthenticated attackers to delete any user.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| melapress | melapress_login_security | < 2.1.1 | 2.1.1 |
| melapress | melapress_login_security | — | — |
| melapress | melapress_login_security_premium | — | — |
CVSS provenance
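| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L |
| vendor_redhat | — | 5.5 | MEDIUM | — |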
GHSA
GHSA-5r55-gpx9-p565 · ghsa_unreviewed · 2025-04-08
CVE-2025-2876 [MEDIUM] CWE-862
The MelaPress Login Security and MelaPress Login Security Premium plugins for WordPress are vulnerable to unauthorized loss of data due to a missing capability check on the 'monitor_admin_actions' function in version 2.1.0. This makes it possible for unauthenticated attackers to delete any user.
Red Hat
kernel: f2fs: fix to avoid panic once fallocation fails for pinfile
vendor_redhat·2025-04-16·CVSS 5.5
CVE-2025-23130 [MEDIUM] kernel: f2fs: fix to avoid panic once fallocation fails for pinfile
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to avoid panic once fallocation fails for pinfile
syzbot reports a f2fs bug as below:
------------[ cut here ]------------
kernel BUG at fs/f2fs/segment.c:2746!
CPU: 0 UID: 0 PID: 5323 Comm: syz.0.0 Not tainted 6.13.0-rc2-syzkaller-00018-g7cb1b4663150 #0
RIP: 0010:get_new_segment fs/f2fs/segment.c:2746 [inline]
RIP: 0010:new_curseg+0x1f52/0x1f70 fs/f2fs/segment.c:2876
Call Trace:
__allocate_new_segment+0x1ce/0x940 fs/f2fs/segment.c:3210
f2fs_allocate_new_section fs/f2fs/segment.c:3224 [inline]
f2fs_allocate_pinning_section+0xfa/0x4e0 fs/f2fs/segment.c:3238
f2fs_expand_inode_data+0x696/0xca0 fs/f2fs/file.c:1830
f2fs_fallocate+0x537/0xa10 fs/f2fs
No detection rules found.
No public exploits indexed.
https://melapress.com/wordpress-login-security/releases/
https://plugins.trac.wordpress.org/browser/melapress-login-security/trunk/app/modules/temporary-logins/class-temporary-logins.php#L71
https://plugins.trac.wordpress.org/changeset/3267748/
https://www.wordfence.com/threat-intel/vulnerabilities/id/559cbc69-85b6-4bad-9bb2-26d64195ba7e?source=cve