cbcvebase.

Peprodev Ultimate Profile Solutions vulnerabilities

3 known vulnerabilities affecting peprodev/peprodev_ultimate_profile_solutions.

Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2025-3844P2CRITICALCVSS 9.8≥ 1.9.1, ≤ 7.5.22025-05-07
CVE-2025-3844 [CRITICAL] CWE-288 CVE-2025-3844: The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to Authentication Bypass The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to Authentication Bypass in versions 1.9.1 to 7.5.2. This is due to handel_ajax_req() function not having proper restrictions on the change_user_meta functionality that makes it possible to set a OTP code and subsequently log in with that OTP code. This makes it possible for u
nvd
CVE-2025-3921P3HIGHCVSS 8.2≥ 1.9.1, ≤ 7.5.22025-05-07
CVE-2025-3921 [HIGH] CWE-285 CVE-2025-3921: The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to unauthorized modificat The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handel_ajax_req() function in versions 1.9.1 to 7.5.2. This makes it possible for unauthenticated attackers to update arbitrary user's metadata which can be leveraged to block an administrator from acce
nvd
CVE-2025-3924P4MEDIUMCVSS 5.3≥ 1.9.1, ≤ 7.5.22025-05-07
CVE-2025-3924 [MEDIUM] CWE-285 CVE-2025-3924: The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to unauthorized access of The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to unauthorized access of data via its publicly exposed reset-password endpoint. The plugin looks up the 'valid_email' value based solely on a supplied username parameter, without verifying that the requester is associated with that user account. This allows unauthenticated att
nvd