CVE-2025-6895 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

The Melapress Login Security plugin for WordPress is vulnerable to Authentication Bypass due to missing authorization within the get_valid_user_based_on_token()…
Critical CVSS: 9.8

CVE-2025-6895

The Melapress Login Security plugin for WordPress is vulnerable to Authentication Bypass due to missing authorization within the get_valid_user_based_on_token() function in versions 2.1.0 to 2.1.1. This makes it possible for unauthenticated attackers who know an arbitrary user meta value to bypass authentication checks and log in as that user.
Vendor
-
Product
-
CWE
CWE-288
Yayın Tarihi
2025-07-26 05:15:25
Güncelleme
2025-07-29 14:14:55
Source Identifier
security@wordfence.com
KEV Date Added
-

Kategoriler

CWE-288 CRITICAL 2025

Referanslar

https://plugins.trac.wordpress.org/browser/melapress-login-security/tags/2.1.1/app/class-melapress-login-security.php https://plugins.trac.wordpress.org/browser/melapress-login-security/tags/2.1.1/app/modules/temporary-logins/class-temporary-logins.php https://plugins.trac.wordpress.org/changeset/3328137 https://wordpress.org/plugins/melapress-login-security/#developers https://www.wordfence.com/threat-intel/vulnerabilities/id/6f65d5c4-6f53-4836-9130-c9f4ed3be893?source=cve