CVE-2025-1717

8.1 HIGH

📋 TL;DR

The Login Me Now WordPress plugin versions up to 1.7.2 contain an authentication bypass vulnerability that allows unauthenticated attackers to log in as any existing user, including administrators. This occurs due to insecure authentication based on an arbitrary transient name in the AutoLogin::listen() function. All WordPress sites using vulnerable versions of this plugin are affected.

💻 Affected Systems

Products:
  • Login Me Now WordPress Plugin
Versions: Up to and including 1.7.2
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability requires using a transient name and value from other software, making exploitation dependent on specific conditions.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers gain administrative access to WordPress sites, enabling complete site takeover, data theft, malware installation, and defacement.

🟠 Likely Case

Attackers gain access to user accounts for privilege escalation, data exfiltration, or lateral movement within the site.

🟢 If Mitigated

Limited impact if proper network segmentation, monitoring, and least privilege principles are implemented.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires knowledge of transient names/values from other software components.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.7.3 or later

Vendor Advisory: https://plugins.trac.wordpress.org/browser/login-me-now/tags/1.7.3

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find the Login Me Now plugin.
4. Click 'Update Now' if available.
5. Alternatively, download version 1.7.3+ from the WordPress plugin repository and replace the plugin files.

🔧 Temporary Workarounds

Disable Login Me Now Plugin (applies to: all)

Temporarily disable the vulnerable plugin until it is patched:

wp plugin deactivate login-me-now

🧯 If You Can't Patch

  • Disable the Login Me Now plugin immediately
  • Implement strict network access controls to limit exposure

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > Login Me Now > Version number. If version is 1.7.2 or lower, you are vulnerable.

Check Version:

wp plugin get login-me-now --field=version

Verify Fix Applied:

Verify plugin version is 1.7.3 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • Unusual authentication patterns
  • Multiple failed login attempts followed by successful login from same IP
  • Administrator logins from unexpected locations

Network Indicators:

  • HTTP requests to /wp-admin with unusual parameters
  • Requests containing transient-related parameters

SIEM Query:

source="wordpress" AND (event_type="authentication" AND result="success") AND user_agent NOT IN ["expected_user_agents"]
