cbcvebase.
CVE-2025-6895
published 2025-07-26

CVE-2025-6895: The Melapress Login Security plugin for WordPress is vulnerable to Authentication Bypass due to missing authorization within the…

Priority: P269 | critical | 9.8 (CVSS 3.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.66% (47.1th percentile)
The Melapress Login Security plugin for WordPress is vulnerable to Authentication Bypass due to missing authorization within the get_valid_user_based_on_token() function in versions 2.1.0 to 2.1.1. This makes it possible for unauthenticated attackers who know an arbitrary user meta value to bypass authentication checks and log in as that user.

Affected

1 ranges
Vendor | Product | Version range | Fixed in
melapress | melapress_login_security | 2.1.0 – 2.1.1 |