CVE-2025-15030

Summary

The User Profile Builder WordPress plugin before 3.15.2 does not have a proper password reset process, allowing a few unauthenticated requests to reset the password of any user by knowing their username, such as administrator ones, and therefore gain access to their account

Affected Software

VendorProductVersion RangeStatus
UnknownUser Profile Builder1.1.27 < 3.15.2affected

Weaknesses

  • CWE-269 Improper Privilege Management

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: total

References