CVE-2025-47646
Published 2025-05-23
CVE-2025-47646: Weak Password Recovery Mechanism for Forgotten Password vulnerability in Gilblas Ngunte Possi PSW Front-end Login & Registration psw-login-and-registration…
Priority P274 · critical · 9.8 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 21.75% (97.3th percentile)
Weak Password Recovery Mechanism for Forgotten Password vulnerability in Gilblas Ngunte Possi PSW Front-end Login & Registration psw-login-and-registration allows Password Recovery Exploitation. This issue affects PSW Front-end Login & Registration: from n/a through <= 1.13.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gilblas_ngunte_possi | psw_front-end_login_registration | <= 1.13 | — |
Detection & IOCs (extracted from sources)
- url: /wp-login.php
- url: /wp-admin/admin-ajax.php
- path: /wp-content/plugins/psw-login-and-registration
- command: `first_name={{username}}&last_name={{username}}&new_user_name={{username}}&new_user_email={{email}}&new_user_password={{password}}&new_user_password_confirmation={{password}}&action=register_user_front_end&psw_form={{token}}`

- Detect exploitation attempts by monitoring POST requests to /wp-admin/admin-ajax.php with the parameter action=register_user_front_end, which is the AJAX action used to register accounts via the vulnerable plugin.
- Presence of the form field 'pswforgetform' in page responses indicates the vulnerable PSW Front-end Login & Registration plugin is active; monitor for token extraction attempts via regex on this field.
- Fingerprint the vulnerable plugin on a target by checking the response body of /wp-login.php for the strings 'psw_registration', 'pswlogform', and '/wp-content/plugins/psw-login-and-registration' simultaneously.
- A successful exploitation response to the admin-ajax.php registration request will contain both the registered username and the string 'activation link' with HTTP 200 status.
- Monitor for the X-Requested-With: XMLHttpRequest header combined with Content-Type: application/x-www-form-urlencoded on POST requests to /wp-admin/admin-ajax.php as part of the attack pattern.
- The vulnerability affects PSW Front-end Login & Registration versions up to and including 1.13; version 1.14 or later contains the fix.
- The attack is unauthenticated and exploitable remotely with no user interaction required (CVSS 9.8 Critical), meaning no authentication bypass is needed prior to exploitation.
- The Nuclei template is marked 'intrusive': running it against a target will attempt actual account registration and may create user accounts on the target WordPress site.
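The detection notes above can be turned into a log check. The following is an added example, not code from this page or from the Nuclei template. It assumes a reverse proxy or WAF that writes one JSON object per request with the hypothetical fields `src`, `method`, `path`, `status`, `body` and `response_body`, since ordinary access logs do not record POST bodies.

```python
import json
from urllib.parse import parse_qs, urlsplit

AJAX_PATH = "/wp-admin/admin-ajax.php"
ACTION = "register_user_front_end"

def classify(rec):
    """Return (verdict, username) for a matching request record, else None."""
    url = urlsplit(rec.get("path", ""))
    if rec.get("method", "").upper() != "POST" or url.path != AJAX_PATH:
        return None
    # admin-ajax.php reads `action` from $_REQUEST: parse query and body together.
    params = parse_qs(url.query + "&" + rec.get("body", ""))
    if ACTION not in params.get("action", []):
        return None
    user = params.get("new_user_name", [""])[0]
    resp = rec.get("response_body", "")
    # Success marker from the notes: HTTP 200, username and 'activation link'.
    created = (rec.get("status") == 200 and bool(user)
               and user in resp and "activation link" in resp)
    return ("account-created" if created else "attempt", user)

def scan(lines):
    """Return [(src, verdict, username)] for every flagged JSON log line."""
    hits = []
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines rather than abort the scan
        result = classify(rec) if isinstance(rec, dict) else None
        if result:
            hits.append((rec.get("src"), *result))
    return hits

def _rec(src, method, path, status, body="", resp=""):
    return json.dumps({"src": src, "method": method, "path": path,
                       "status": status, "body": body, "response_body": resp})

# Constructed sample records: documentation IPs, made-up usernames.
SAMPLE = [
    _rec("192.0.2.10", "POST", AJAX_PATH, 200, "new_user_name=alice01&action=" + ACTION,
         "alice01: check your email for the activation link"),
    _rec("192.0.2.11", "POST", AJAX_PATH + "?action=register%5Fuser_front_end",
         200, "new_user_name=bob", "0"),
    _rec("192.0.2.12", "POST", AJAX_PATH, 200, "action=heartbeat", "{}"),
    _rec("192.0.2.13", "GET", "/wp-login.php", 200),
    "not json",
]
```

Matching on the decoded form field rather than a raw substring catches the percent-encoded and query-string variants in the second sample record.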
No detection rules found.
Nuclei
PSW Front-end Login & Registration 1.13 - Weak Password Recovery
nuclei·CVSS 9.8
PSW Front-end Login & Registration plugin for WordPress contains a weak password recovery mechanism that can be exploited by unauthenticated attackers. This vulnerability affects versions through 1.13 and allows attackers to potentially gain unauthorized access.
Template:
```yaml
id: CVE-2025-47646

info:
  name: PSW Front-end Login & Registration 1.13 - Weak Password Recovery
  author: pussycat0x
  severity: critical
  description: |
    PSW Front-end Login & Registration plugin for WordPress contains a weak password recovery mechanism that can be exploited by unauthenticated attackers. This vulnerability affects versions through 1.13 and allows attackers to potentially gain unauthorized access.
  impact: |
    Unauthenticated attackers can regist
```
No writeups or analysis indexed.