{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-4607", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-05-12T19:29:25.486Z", "datePublished": "2025-05-31T06:40:56.485Z", "dateUpdated": "2026-04-08T17:12:43.620Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:12:43.620Z"}, "affected": [{"vendor": "empoweringprowebsite", "product": "PSW Front-end Login & Registration", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.12", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The PSW Front-end Login & Registration plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.12 via the customer_registration() function. This is due to the use of a weak, low-entropy OTP mechanism in the forget() function. This makes it possible for unauthenticated attackers to initiate a password reset for any user, including administrators, and elevate their privileges for full site takeover."}], "title": "PSW Front-end Login & Registration <= 1.12 - Insufficiently Random Values to Unauthenticated Account Takeover/Privilege Escalation via customer_registration Function", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a2d6e595-0682-4a41-a432-afbcb50144e8?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/psw-login-and-registration/trunk/public/class-prositegeneralfeatures-public.php#L493"}, {"url": "https://wordpress.org/plugins/psw-login-and-registration/#developers"}, {"url": "https://plugins.trac.wordpress.org/browser/psw-login-and-registration/trunk/public/class-prositegeneralfeatures-public.php#L731"}, {"url": "https://plugins.trac.wordpress.org/browser/psw-login-and-registration/trunk/public/class-prositegeneralfeatures-public.php#L323"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-330 Use of Insufficiently Random Values", "cweId": "CWE-330", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}], "credits": [{"lang": "en", "type": "finder", "value": "Kenneth Dunn"}], "timeline": [{"time": "2025-05-30T18:09:43.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-02T15:37:18.671660Z", "id": "CVE-2025-4607", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-02T15:49:31.883Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-4607", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-06-02T15:37:18.671660Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-02T15:18:11.863Z"}}], "cna": {"title": "PSW Front-end Login & Registration <= 1.12 - Insufficiently Random Values to Unauthenticated Account Takeover/Privilege Escalation via customer_registration Function", "credits": [{"lang": "en", "type": "finder", "value": "Kenneth Dunn"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "empoweringprowebsite", "product": "PSW Front-end Login & Registration", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.12"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-05-30T18:09:43.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a2d6e595-0682-4a41-a432-afbcb50144e8?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/psw-login-and-registration/trunk/public/class-prositegeneralfeatures-public.php#L493"}, {"url": "https://wordpress.org/plugins/psw-login-and-registration/#developers"}, {"url": "https://plugins.trac.wordpress.org/browser/psw-login-and-registration/trunk/public/class-prositegeneralfeatures-public.php#L731"}, {"url": "https://plugins.trac.wordpress.org/browser/psw-login-and-registration/trunk/public/class-prositegeneralfeatures-public.php#L323"}], "descriptions": [{"lang": "en", "value": "The PSW Front-end Login & Registration plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.12 via the customer_registration() function. This is due to the use of a weak, low-entropy OTP mechanism in the forget() function. This makes it possible for unauthenticated attackers to initiate a password reset for any user, including administrators, and elevate their privileges for full site takeover."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-330", "description": "CWE-330 Use of Insufficiently Random Values"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:12:43.620Z"}}}, "cveMetadata": {"cveId": "CVE-2025-4607", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:12:43.620Z", "dateReserved": "2025-05-12T19:29:25.486Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-05-31T06:40:56.485Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The PSW Front-end Login & Registration plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.12 via the customer_registration() function. This is due to the use of a weak, low-entropy OTP mechanism in the forget() function. This makes it possible for unauthenticated attackers to initiate a password reset for any user, including administrators, and elevate their privileges for full site takeover."}, {"lang": "es", "value": "El complemento PSW Front-end Login &amp; Registration para WordPress es vulnerable a la escalada de privilegios en todas las versiones hasta la 1.12 incluida, a trav\u00e9s de la funci\u00f3n customer_registration(). Esto se debe al uso de un mecanismo OTP d\u00e9bil y de baja entrop\u00eda en la funci\u00f3n forget(). Esto permite a atacantes no autenticados iniciar el restablecimiento de contrase\u00f1a de cualquier usuario, incluidos los administradores, y elevar sus privilegios para obtener el control total del sitio."}], "id": "CVE-2025-4607", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-05-31T07:15:21.070", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/psw-login-and-registration/trunk/public/class-prositegeneralfeatures-public.php#L323"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/psw-login-and-registration/trunk/public/class-prositegeneralfeatures-public.php#L493"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/psw-login-and-registration/trunk/public/class-prositegeneralfeatures-public.php#L731"}, {"source": "security@wordfence.com", "url": "https://wordpress.org/plugins/psw-login-and-registration/#developers"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a2d6e595-0682-4a41-a432-afbcb50144e8?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-330"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T20:33:13.016603+00:00", "value": {"mitigation_remediation": ["Check with the vendor for an official patch or an updated plugin version that addresses the OTP weakness.", "If a patch is not available, disable the password reset functionality or restrict it to a whitelist of trusted IP addresses using web\u2011application firewall rules.", "Replace the weak OTP implementation with a cryptographically secure random generator, or enforce a stronger reset code policy in the plugin configuration.", "Monitor authentication logs for repeated password\u2011reset requests and block suspicious activity via rate limiting."], "summary": {"action": "Immediate Patch", "impact": "Privilege Escalation via Weak OTP"}, "threat_synthesis": {"affected_systems": "Systems impacted are WordPress installations that employ the PSW Front-end Login & Registration plugin by EmpoweringProWebsite, any installation running a plugin version up to and including 1.12. Without a patch, every account on the site is vulnerable, regardless of role.", "description_and_impact": "The PSW Front-end Login & Registration plugin for WordPress, in versions 1.12 and earlier, contains a weak, low\u2011entropy one\u2011time\u2011password mechanism implemented in the forget() function. An unauthenticated attacker can exploit this flaw to trigger a password reset for any user, including administrators. Once the password reset succeeds, the attacker obtains full administrative privileges, enabling complete site takeover. This constitutes a privilege escalation vulnerability rooted in CWE\u2011330, where insufficient entropy allows an attacker to predict the reset code.", "risk_and_exploitability": "The vulnerability has a CVSS score of 9.8, reflecting its critical nature. The EPSS score of 1% indicates that the probability of exploitation in the wild is low, but still possible, especially if attackers target high\u2011value WordPress sites. The flaw is not listed in the CISA KEV catalog, which suggests no widespread exploitation has been formally documented yet. Attackers can leverage the publicly accessible password\u2011reset endpoint, with no authentication required, to carry out the exploit remotely. The combination of a low entropy OTP and the ability to trigger the reset for any user makes the attack efficient and difficult to defend against without a patch."}}}}, "created": "2026-04-21T20:45:25.972677+00:00", "updated": "2026-04-21T20:45:25.972690+00:00", "vendors": []}