PT-2025-30957 · WordPress · Melapress Login Security
Kenneth Dunn · Published 2025-07-26 · Updated 2025-07-26 · CVE-2025-6895
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Melapress Login Security versions 2.1.0 through 2.1.1
Description
The Melapress Login Security plugin for WordPress is susceptible to authentication bypass due to missing authorization within the get_valid_user_based_on_token() function. This allows unauthenticated attackers with knowledge of an arbitrary user meta value to bypass authentication checks and log in as that user.
Recommendations
Update Melapress Login Security to a version later than 2.1.1.
Fix
Authentication Bypass Using an Alternate Path or Channel
Weakness Enumeration
Related Identifiers
Affected Products
Melapress Login Security