PT-2025-30019 · WordPress · Loginpress Pro

Friderika Baranyai · Published 2025-07-18 · Updated 2025-07-18 · CVE-2025-7444

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: LoginPress Pro versions prior to 5.0.1

Description: The LoginPress Pro plugin for WordPress is susceptible to authentication bypass in all versions up to and including 5.0.1. This issue stems from inadequate verification of the user returned by the social login token. This allows unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email address and the user does not already have an account for the service returning the token.

Recommendations: Update LoginPress Pro to version 5.0.1 or later.

Fix

Authentication Bypass Using an Alternate Path or Channel

Weakness Enumeration

Related Identifiers

CVE-2025-7444

Affected Products

Loginpress Pro