{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-25471", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-02-02T12:53:59.642Z", "datePublished": "2026-03-19T07:17:54.170Z", "dateUpdated": "2026-04-28T16:14:59.631Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "admin-safety-guard", "product": "Admin Safety Guard", "vendor": "Themepaste", "versions": [{"lessThanOrEqual": "1.2.6", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Robert Akhmerov (v31dt) | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:44:01.432Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Themepaste Admin Safety Guard admin-safety-guard allows Password Recovery Exploitation.<p>This issue affects Admin Safety Guard: from n/a through <= 1.2.6.</p>"}], "value": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Themepaste Admin Safety Guard admin-safety-guard allows Password Recovery Exploitation.This issue affects Admin Safety Guard: from n/a through <= 1.2.6."}], "impacts": [{"capecId": "CAPEC-50", "descriptions": [{"lang": "en", "value": "Password Recovery Exploitation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-288", "description": "Authentication Bypass Using an Alternate Path or Channel", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:14:59.631Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/admin-safety-guard/vulnerability/wordpress-admin-safety-guard-plugin-1-2-2-broken-authentication-vulnerability?_s_id=cve"}], "title": "WordPress Admin Safety Guard plugin <= 1.2.6 - Broken Authentication vulnerability"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-19T13:45:07.473110Z", "id": "CVE-2026-25471", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-19T13:45:16.958Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-25471", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-19T13:45:07.473110Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-19T13:45:12.604Z"}}], "cna": {"tags": ["x_open-source"], "title": "WordPress Admin Safety Guard plugin <= 1.2.6 - Broken Authentication vulnerability", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Robert Akhmerov (v31dt) | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-50", "descriptions": [{"lang": "en", "value": "CAPEC-50 Password Recovery Exploitation"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Themepaste", "product": "Admin Safety Guard", "versions": [{"status": "affected", "version": "n/a", "versionType": "custom", "lessThanOrEqual": "1.2.6"}], "packageName": "admin-safety-guard", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "references": [{"url": "https://patchstack.com/database/wordpress/plugin/admin-safety-guard/vulnerability/wordpress-admin-safety-guard-plugin-1-2-2-broken-authentication-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Themepaste Admin Safety Guard allows Password Recovery Exploitation.This issue affects Admin Safety Guard: from n/a through 1.2.6.", "supportingMedia": [{"type": "text/html", "value": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Themepaste Admin Safety Guard allows Password Recovery Exploitation.<p>This issue affects Admin Safety Guard: from n/a through 1.2.6.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-288", "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-03-19T07:17:54.170Z"}}}, "cveMetadata": {"cveId": "CVE-2026-25471", "state": "PUBLISHED", "dateUpdated": "2026-03-19T13:45:16.958Z", "dateReserved": "2026-02-02T12:53:59.642Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2026-03-19T07:17:54.170Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Themepaste Admin Safety Guard admin-safety-guard allows Password Recovery Exploitation.This issue affects Admin Safety Guard: from n/a through <= 1.2.6."}, {"lang": "es", "value": "Vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n usando una ruta o canal alternativo en Themepaste Admin Safety Guard permite la explotaci\u00f3n de la recuperaci\u00f3n de contrase\u00f1a. Este problema afecta a Admin Safety Guard: desde n/a hasta 1.2.6."}], "id": "CVE-2026-25471", "lastModified": "2026-04-28T19:37:07.930", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "audit@patchstack.com", "type": "Secondary"}]}, "published": "2026-03-19T08:16:19.140", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/admin-safety-guard/vulnerability/wordpress-admin-safety-guard-plugin-1-2-2-broken-authentication-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-288"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.2.6]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Admin Safety Guard", "source": "cna", "vendor": "Themepaste"}, "product": "admin_safety_guard", "vendor": "themepaste"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-04-29T00:48:15.578676+00:00", "value": {"mitigation_remediation": ["Update the Admin Safety Guard plugin to a version newer than 1.2.6.", "If an update cannot be applied immediately, disable or remove the plugin to eliminate the vulnerable functionality.", "Limit password\u2011reset attempts or add a CAPTCHA to the reset form to reduce the risk of abuse.", "Configure password\u2011reset tokens to expire quickly and bind them strictly to the intended user account."], "summary": {"action": "Patch Now", "impact": "Authentication Bypass"}, "threat_synthesis": {"affected_systems": "Affected installations include any version of the Admin Safety Guard plugin from Themepaste dated through 1.2.6. Non\u2011upgraded installations remain susceptible to the vulnerability.", "description_and_impact": "The Admin Safety Guard plugin for WordPress contains an authentication bypass that allows an attacker to exploit the password\u2011recovery mechanism via an alternate path or channel. The flaw permits changing a user\u2019s password without verifying the current password, granting unauthorized access. This issue affects versions from the initial release through 1.2.6. The vulnerability is classified as CWE\u2011288, directly undermining the integrity of user credentials.", "risk_and_exploitability": "The CVSS score of 8.1 indicates high severity. The EPSS score is below 1\u202f% and it does not appear in CISA\u2019s KEV catalog, indicating a low likelihood of widespread exploitation. The likely attack path involves requesting a password\u2011reset link, capturing or obtaining the reset token, and then using it to set a new password. This path is inferred from the description; the exact method of token acquisition is not detailed in the source. If an attacker can intercept or guess the reset link, account takeover is possible."}}}}, "created": "2026-03-19T08:54:28.813394+00:00", "updated": "2026-04-29T01:00:11.345831+00:00", "vendors": ["themepaste", "themepaste$PRODUCT$admin_safety_guard", "wordpress", "wordpress$PRODUCT$wordpress"]}