CVE-2025-3844 – PeproDev Ultimate Profile Solutions WordPress Authentication Bypass

May 6, 2025

CVE ID : CVE-2025-3844

Published : May 7, 2025, 3:15 a.m. | 20 minutes ago

Description : The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to Authentication Bypass in versions 1.9.1 to 7.5.2. This is due to handel_ajax_req() function not having proper restrictions on the change_user_meta functionality that makes it possible to set a OTP code and subsequently log in with that OTP code. This makes it possible for unauthenticated attackers to login as other users on the site, including administrators.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3851 – WordPress SmartPay Insecure Direct Object Reference Vulnerability

Next Article CVE-2025-2821 – WordPress Search Exclude Plugin Unauthenticated Data Modification

Highlights

CVE-2025-7209 – Plan9port Null Pointer Dereference Vulnerability

July 9, 2025

CVE ID : CVE-2025-7209

Published : July 9, 2025, 1:15 a.m. | 5 hours, 22 minutes ago

Description : A vulnerability has been found in 9fans plan9port up to 9da5b44 and classified as problematic. Affected by this vulnerability is the function value_decode in the library src/libsec/port/x509.c. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The identifier of the patch is deae8939583d83fd798fca97665e0e94656c3ee8. It is recommended to apply a patch to fix this issue.

Severity: 3.3 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CodeSOD: A Unique Way to Primary Key

BrowserStack launches Figma plugin for detecting accessibility issues in design phase

Parasoft brings agentic AI to service virtualization in latest release

Node.js vs. Python for Backend: 7 Reasons C-Level Leaders Choose Node.js Talent

The best CRM software with email marketing in 2025: Expert tested and reviewed

This multi-port car charger can power 4 gadgets at once – and it’s surprisingly cheap

I’m a wearables editor and here are the 7 Pixel Watch 4 rumors I’m most curious about

8 ways I quickly leveled up my Linux skills – and you can too

The Intersection of Agile and Accessibility – A Series on Designing for Everyone

The Intersection of Agile and Accessibility – A Series on Designing for Everyone

Zero Trust & Cybersecurity Mesh: Your Org’s Survival Guide

Execute Ping Commands and Get Back Structured Data in PHP

A Tomb Raider composer has been jailed — His legacy overshadowed by $75k+ in loan fraud

A Tomb Raider composer has been jailed — His legacy overshadowed by $75k+ in loan fraud

“I don’t think I changed his mind” — NVIDIA CEO comments on H20 AI GPU sales resuming in China following a meeting with President Trump

Galaxy Z Fold 7 review: Six years later — Samsung finally cracks the foldable code

CVE-2025-3844 – PeproDev Ultimate Profile Solutions WordPress Authentication Bypass

CVE-2025-44658 – Netgear RAX30 PHP-FPM Misconfigured Extension Bypass Vulnerability

CVE-2025-7393 – Drupal Mail Login Authentication Bypass

CVE-2025-6376 – Rockwell Automation Arena® Remote Code Execution Vulnerability

60% of AI agents work in IT departments – here’s what they do every day

Google DeepMind at NeurIPS 2023

Use Amazon Bedrock in Laravel with Prism PHP

CVE-2025-7209 – Plan9port Null Pointer Dereference Vulnerability

Critical AMI BMC Vulnerability: Patch Your ASUS Workstation Now

The 10+ Best AI & Pro Web Design Tools for 2025

CSS-Tricks Chronicles XLIII

CVE-2025-3844 – PeproDev Ultimate Profile Solutions WordPress Authentication Bypass

Related Posts