{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-3607", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-04-14T19:58:14.576Z", "datePublished": "2025-04-24T08:23:49.815Z", "dateUpdated": "2026-04-08T17:15:54.857Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:15:54.857Z"}, "affected": [{"vendor": "arkenon", "product": "Login, Registration and Lost Password Blocks", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.0.8", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.8. This is due to the plugin not properly validating a user's identity prior to updating a password. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account."}], "title": "Frontend Login and Registration Blocks <= 1.0.8 - Authenticated (Subscriber+) Privilege Escalation via Password Reset", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b06ce1e4-5cfb-415d-ad09-db194d6b4354?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/frontend-login-and-registration-blocks/trunk/inc/class-flr-blocks-lost-password.php#L115"}, {"url": "https://plugins.trac.wordpress.org/changeset/3325911/#file35"}, {"url": "https://plugins.trac.wordpress.org/changeset/3325911/#file10"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-620 Unverified Password Change", "cweId": "CWE-620", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Kenneth Dunn"}], "timeline": [{"time": "2025-04-23T19:45:40.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-24T13:54:56.500289Z", "id": "CVE-2025-3607", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-24T13:55:34.115Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-3607", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-24T13:54:56.500289Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-24T13:55:14.385Z"}}], "cna": {"title": "Frontend Login and Registration Blocks <= 1.0.7 - Authenticated (Subscriber+) Privilege Escalation via Password Reset", "credits": [{"lang": "en", "type": "finder", "value": "Kenneth Dunn"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "arkenon", "product": "Frontend Login and Registration Blocks", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "1.0.7"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-04-23T19:45:40.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b06ce1e4-5cfb-415d-ad09-db194d6b4354?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/frontend-login-and-registration-blocks/trunk/inc/class-flr-blocks-lost-password.php#L115"}], "descriptions": [{"lang": "en", "value": "The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.7. This is due to the plugin not properly validating a user's identity prior to updating a password. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-620", "description": "CWE-620 Unverified Password Change"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-04-24T08:23:49.815Z"}}}, "cveMetadata": {"cveId": "CVE-2025-3607", "state": "PUBLISHED", "dateUpdated": "2025-04-24T13:55:34.115Z", "dateReserved": "2025-04-14T19:58:14.576Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-04-24T08:23:49.815Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.8. This is due to the plugin not properly validating a user's identity prior to updating a password. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account."}, {"lang": "es", "value": "El complemento Frontend Login and Registration Blocks para WordPress es vulnerable a la escalada de privilegios mediante el robo de cuentas en todas las versiones hasta la 1.0.7 incluida. Esto se debe a que el complemento no valida correctamente la identidad del usuario antes de actualizar la contrase\u00f1a. Esto permite que atacantes autenticados, con acceso de suscriptor o superior, cambien las contrase\u00f1as de usuarios arbitrarios, incluidos los administradores, y aprovechen esta situaci\u00f3n para acceder a sus cuentas."}], "id": "CVE-2025-3607", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-04-24T09:15:31.730", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/frontend-login-and-registration-blocks/trunk/inc/class-flr-blocks-lost-password.php#L115"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3325911/#file10"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3325911/#file35"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b06ce1e4-5cfb-415d-ad09-db194d6b4354?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-620"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T23:11:27.690848+00:00", "value": {"mitigation_remediation": ["Update the arkenon Login, Registration and Lost Password Blocks plugin to version 1.0.9 or later, which includes the necessary identity validation for password changes.", "If an immediate update is not possible, immediately restrict Subscriber-level users from the password reset capability or disable the plugin entirely for those users until a patch can be applied.", "Consider implementing additional verification steps such as requiring confirmation emails or two\u2011factor authentication for password changes to reduce the risk of unauthorized resets."], "summary": {"action": "Apply Patch", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "WordPress sites running the arkenon Login, Registration and Lost Password Blocks plugin, with any version up to and including 1.0.8, are affected. The vulnerability is specific to the plugin\u2019s lost\u2011password handling code and does not extend to other plugins or WordPress core.", "description_and_impact": "The Frontend Login and Registration Blocks plugin for WordPress contains a flaw that prevents proper identity verification before a password change is performed. As a result, any authenticated user with Subscriber-level permission or higher can arbitrarily alter any other user's password, including that of administrators or other privileged accounts. This allows the attacker to assume the identity of a target account entirely, potentially leading to full system compromise.", "risk_and_exploitability": "The flaw carries a CVSS score of 8.8, indicating a high severity. Although the EPSS score is reported as <1%, meaning that exploitation bids are currently rare, the vulnerability remains open and has not been listed in CISA KEV. The attack vector is limited to authenticated users; an attacker must first obtain a valid user token with Subscriber or higher access. Once authenticated, the attacker can target any account\u2019s password reset endpoint, making this a straightforward privilege escalation vector in any affected site. The impact is substantial: compromised administrator credentials can expose data, alter configurations, and facilitate further attacks."}}}}, "created": "2025-07-12T22:09:34.581958+00:00", "updated": "2026-04-20T23:15:06.309263+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}