PT-2026-5609 · WordPress · User Profile Builder
Drew Webber · Published 2026-02-02 · Updated 2026-02-07 · CVE-2025-15030
CVSS v3.1: 9.8 Critical | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
User Profile Builder WordPress plugin versions prior to 3.15.2
Description
The User Profile Builder WordPress plugin does not have a secure password reset process. An unauthenticated request can reset the password of any user, including administrators, provided the username is known. Successful exploitation grants access to user accounts.
Recommendations
Update to User Profile Builder WordPress plugin version 3.15.2 or later.
Exploit · Fix · Improper Privilege Management
Affected Products
User Profile Builder