PT-2026-5609 · WordPress · User Profile Builder

Drew Webber · Published 2026-02-02 · Updated 2026-02-02 · CVE-2025-15030

CVSS v3.1: 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: User Profile Builder WordPress plugin versions prior to 3.15.2
Description: The User Profile Builder WordPress plugin does not have a secure password reset process. An unauthenticated request can reset the password of any user, including administrators, given only that user's username. Successful exploitation grants access to user accounts.
Recommendations: Update to User Profile Builder WordPress plugin version 3.15.2 or later.

Exploit

Fix

Improper Privilege Management

Weakness Enumeration

Related Identifiers

CVE-2025-15030

Affected Products

User Profile Builder