
Description

The MelaPress Login Security and MelaPress Login Security Premium plugins for WordPress are vulnerable to unauthorized loss of data due to a missing capability check on the 'monitor_admin_actions' function in version 2.1.0. This makes it possible for unauthenticated attackers to delete any user.

PUBLISHED Reserved 2025-03-27 | Published 2025-04-08 | Updated 2025-04-08 | Assigner Wordfence




MEDIUM: 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Problem types

CWE-862 Missing Authorization

Product status

Default status
unaffected

2.1.0
affected

Default status
unaffected

2.1.0
affected

Timeline

2025-04-07: Disclosed

Credits

Michelle Porter (finder)

References

www.wordfence.com/...-85b6-4bad-9bb2-26d64195ba7e?source=cve

plugins.trac.wordpress.org/...ins/class-temporary-logins.php

melapress.com/wordpress-login-security/releases/

plugins.trac.wordpress.org/changeset/3267748/

cve.org (CVE-2025-2876)

nvd.nist.gov (CVE-2025-2876)
