CVE-2025-7444
published 2025-07-18
CVE-2025-7444: The LoginPress Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.0.1. This is due to insufficient…
Priority P269 · critical · 9.8 · CVSS 3.1
AV:N · AC:L · PR:N · UI:N · S:U · C:H · I:H · A:H
EPSS: 0.55% (41.8th percentile)
The LoginPress Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.0.1. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| loginpress | loginpress_pro | <= 5.0.1 | — |
| msrc | azl3_nodejs_20.14.0-10_on_azure_linux_3.0 | — | — |
| msrc | azl3_nodejs_20.14.0-13_on_azure_linux_3.0 | — | — |
| msrc | azl3_nodejs_20.14.0-14_on_azure_linux_3.0 | — | — |
| msrc | azl3_nodejs_20.14.0-9_on_azure_linux_3.0 | — | — |
| msrc | cbl2_nodejs18_18.20.3-10_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_nodejs18_18.20.3-11_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_nodejs18_18.20.3-12_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_nodejs18_18.20.3-9_on_cbl_mariner_2.0 | — | — |
| msrc | microsoft_edge | — | — |
CVSS provenance
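| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| vendor_msrc | — | 8.8 | HIGH | — |
| vendor_redhat | — | 8.8 | HIGH | — |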
GHSA
GHSA-grhj-gghx-xq87: The LoginPress Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5
ghsa_unreviewed·2025-07-18
CVE-2025-7444 [CRITICAL] CWE-288 GHSA-grhj-gghx-xq87: The LoginPress Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5
The LoginPress Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.0.1. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token.
Red Hat
chromium-browser: Type Confusion in V8
vendor_redhat·2025-11-17·CVSS 8.8
CVE-2025-13229 [HIGH] CWE-843 chromium-browser: Type Confusion in V8
Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Red Hat
chromium-browser: Type Confusion in V8
vendor_redhat·2025-11-17·CVSS 8.8
CVE-2025-13226 [HIGH] CWE-843 chromium-browser: Type Confusion in V8
Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Red Hat
chromium-browser: Type Confusion in V8
vendor_redhat·2025-11-17·CVSS 8.8
CVE-2025-13230 [HIGH] CWE-843 chromium-browser: Type Confusion in V8
Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Red Hat
chromium-browser: Type Confusion in V8
vendor_redhat·2025-11-17·CVSS 8.8
CVE-2025-13228 [HIGH] chromium-browser: Type Confusion in V8
Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Red Hat
chromium-browser: Type Confusion in V8
vendor_redhat·2025-11-17·CVSS 8.8
CVE-2025-13227 [HIGH] CWE-843 chromium-browser: Type Confusion in V8
Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Red Hat
chromium-browser: Type Confusion in V8
vendor_redhat·2025-11-17·CVSS 8.8
CVE-2025-13224 [HIGH] CWE-843 chromium-browser: Type Confusion in V8
Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Red Hat
chromium-browser: Type Confusion in V8
vendor_redhat·2025-11-17·CVSS 8.8
CVE-2025-13223 [HIGH] CWE-843 chromium-browser: Type Confusion in V8
Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Red Hat
chromium-browser: Inappropriate implementation in V8
vendor_redhat·2025-11-12·CVSS 8.8
CVE-2025-13042 [HIGH] CWE-763 chromium-browser: Inappropriate implementation in V8
Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.166 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Microsoft
Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
vendor_msrc·2025-11-11·CVSS 8.6
CVE-2025-13230 [HIGH] CWE-843 Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Mariner: Mariner
Chrome: Chrome
Customer Action Required: Yes
Microsoft
Chromium: CVE-2025-13224 Type Confusion in V8
vendor_msrc·2025-11-11·CVSS 8.8
CVE-2025-13224 [HIGH] Chromium: CVE-2025-13224 Type Confusion in V8
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 142.0.3595.90 | 11/18/2025 | 142.0.7444.176 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the browser?
In your
Microsoft
Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
vendor_msrc·2025-11-11·CVSS 8.8
CVE-2025-13226 [HIGH] CWE-843 Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Mariner: Mariner
Chrome: Chrome
Customer Action Required: Yes
Microsoft
Chromium: CVE-2025-13042 Inappropriate implementation in V8
vendor_msrc·2025-11-11·CVSS 8.8
CVE-2025-13042 [HIGH] Chromium: CVE-2025-13042 Inappropriate implementation in V8
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 142.0.3595.80 | 11/13/2025 | 142.0.7444.162/.163 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of th
Microsoft
Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
vendor_msrc·2025-11-11·CVSS 8.6
CVE-2025-13227 [HIGH] CWE-843 Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Mariner: Mariner
Chrome: Chrome
Customer Action Required: Yes
Microsoft
Chromium: CVE-2025-13223 Type Confusion in V8
vendor_msrc·2025-11-11·CVSS 8.8
CVE-2025-13223 [HIGH] Chromium: CVE-2025-13223 Type Confusion in V8
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. Google is aware that an exploit for CVE-2025-13223 exists in the wild.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 142.0.3595.90 | 11/18/2025 | 142.0.7444.176 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is n
Red Hat
chromium-browser: Inappropriate implementation in V8
vendor_redhat·2025-11-10·CVSS 4.3
CVE-2025-12433 [MEDIUM] CWE-823 chromium-browser: Inappropriate implementation in V8
Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Red Hat
chromium-browser: Incorrect security UI in Fullscreen UI
vendor_redhat·2025-11-10·CVSS 4.2
CVE-2025-12444 [MEDIUM] CWE-357 chromium-browser: Incorrect security UI in Fullscreen UI
Incorrect security UI in Fullscreen UI in Google Chrome prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Red Hat
chromium-browser: Race in V8
vendor_redhat·2025-11-10·CVSS 8.8
CVE-2025-12432 [HIGH] CWE-366 chromium-browser: Race in V8
Race in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Red Hat
chromium-browser: Inappropriate implementation in V8
vendor_redhat·2025-11-10·CVSS 8.8
CVE-2025-12727 [HIGH] CWE-825 chromium-browser: Inappropriate implementation in V8
Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Red Hat
chromium-browser: Object lifecycle issue in Media
vendor_redhat·2025-11-10·CVSS 7.5
CVE-2025-12430 [HIGH] CWE-825 chromium-browser: Object lifecycle issue in Media
Object lifecycle issue in Media in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High)
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Red Hat
chromium-browser: Use after free in PageInfo
vendor_redhat·2025-11-10·CVSS 7.5
CVE-2025-12437 [HIGH] CWE-825 chromium-browser: Use after free in PageInfo
Use after free in PageInfo in Google Chrome prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Red Hat
chromium-browser: Out of bounds read in WebXR
vendor_redhat·2025-11-10·CVSS 4.3
CVE-2025-12443 [MEDIUM] CWE-125 chromium-browser: Out of bounds read in WebXR
Out of bounds read in WebXR in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Red Hat
chromium-browser: Use after free in Ozone
vendor_redhat·2025-11-10·CVSS 8.8
CVE-2025-12438 [HIGH] CWE-825 chromium-browser: Use after free in Ozone
Use after free in Ozone in Google Chrome on Linux and ChromeOS prior to 142.0.7444.59 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: Medium)
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Red Hat
chromium-browser: Type Confusion in V8
vendor_redhat·2025-11-10·CVSS 8.8
CVE-2025-12428 [HIGH] CWE-843 chromium-browser: Type Confusion in V8
Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Red Hat
chromium-browser: Out of bounds read in V8
vendor_redhat·2025-11-10·CVSS 4.3
CVE-2025-12441 [MEDIUM] CWE-125 chromium-browser: Out of bounds read in V8
Out of bounds read in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Red Hat
chromium-browser: Inappropriate implementation in App-Bound Encryption
vendor_redhat·2025-11-10·CVSS 5.5
CVE-2025-12439 [MEDIUM] CWE-524 chromium-browser: Inappropriate implementation in App-Bound Encryption
Inappropriate implementation in App-Bound Encryption in Google Chrome on Windows prior to 142.0.7444.59 allowed a local attacker to obtain potentially sensitive information from process memory via a malicious file. (Chromium security severity: Medium)
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Red Hat
chromium-browser: Inappropriate implementation in Autofill
vendor_redhat·2025-11-10·CVSS 5.3
CVE-2025-12440 [MEDIUM] CWE-524 chromium-browser: Inappropriate implementation in Autofill
Inappropriate implementation in Autofill in Google Chrome prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low)
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Red Hat
chromium-browser: Policy bypass in Extensions
vendor_redhat·2025-11-10·CVSS 6.5
CVE-2025-12445 [MEDIUM] CWE-266 chromium-browser: Policy bypass in Extensions
Policy bypass in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Low)
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Red Hat
chromium-browser: Policy bypass in Extensions
vendor_redhat·2025-11-10·CVSS 5.9
CVE-2025-12436 [MEDIUM] CWE-266 chromium-browser: Policy bypass in Extensions
Policy bypass in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. (Chromium security severity: Medium)
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Red Hat
chromium-browser: Inappropriate implementation in Extensions
vendor_redhat·2025-11-10·CVSS 6.5
CVE-2025-12431 [MEDIUM] CWE-749 chromium-browser: Inappropriate implementation in Extensions
Inappropriate implementation in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: High)
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Red Hat
chromium-browser: Inappropriate implementation in V8
vendor_redhat·2025-11-10·CVSS 8.8
CVE-2025-12429 [HIGH] CWE-787 chromium-browser: Inappropriate implementation in V8
Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Red Hat
chromium-browser: Incorrect security UI in SplitView
vendor_redhat·2025-11-10·CVSS 4.2
CVE-2025-12446 [MEDIUM] CWE-1021 chromium-browser: Incorrect security UI in SplitView
Incorrect security UI in SplitView in Google Chrome prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted domain name. (Chromium security severity: Low)
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2025-07-18