CVE-2025-3921 in Ultimate Profile Solutions Plugin정보

요약

\~에 의해 MITRE • 2025. 05. 07.

The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handel_ajax_req() function in versions 1.9.1 to 7.5.2. This makes it possible for unauthenticated attackers to update arbitrary user's metadata which can be leveraged to block an administrator from accessing their site when wp_capabilities is set to 0.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

예약하다

2025. 04. 24.

공개

2025. 05. 07.

모더레이션

수락

항목

VDB-307626

CPE

준비됨

CWE

CWE-862 (확인됨)

CVSS

8.2 (CNA)

EPSS

0.00409

KEV

아니요

활동

매우 낮음

부문

Hostingprovider

출처

MITRE	https://www.cve.org/CVERecord?id=CVE-2025-3921
NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-3921
CVE Details	https://www.cvedetails.com/cve/CVE-2025-3921/

◂ 이전 개요 다음 ▸

Do you need the next level of professionalism?

Upgrade your account now!