CVE-2025-3844: PeproDev Ultimate Profile Solutions 1.9.1 - 7.5.2 - Authentication Bypass to Account Takeover

9.8 CVSS

Description

The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to Authentication Bypass in versions 1.9.1 to 7.5.2. This is due to handel_ajax_req() function not having proper restrictions on the change_user_meta functionality that makes it possible to set a OTP code and subsequently log in with that OTP code. This makes it possible for unauthenticated attackers to login as other users on the site, including administrators.

Classification

CVE ID: CVE-2025-3844

CVSS Base Severity: CRITICAL

CVSS Base Score: 9.8

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem Types

CWE-288 Authentication Bypass Using an Alternate Path or Channel

Affected Products

Vendor: peprodev

Product: PeproDev Ultimate Profile Solutions

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.31% (probability of being exploited)

EPSS Percentile: 53.79% (scored less or equal to compared to others)

EPSS Date: 2025-06-04 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-3844
https://www.wordfence.com/threat-intel/vulnerabilities/id/65be9417-7029-4f34-b834-98208a42743b?source=cve
https://plugins.trac.wordpress.org/browser/peprodev-ups/tags/7.5.2/login/login.php#L1483
https://plugins.trac.wordpress.org/browser/peprodev-ups/tags/7.5.2/login/login.php#L2836

Timeline

2025-05-07 03:40:20 UTC
CVE

PeproDev Ultimate Profile Solutions 1.9.1 - 7.5.2 - Authentication Bypass to Account Takeover