CVE-2025-39565

6.6 MEDIUM

📋 TL;DR

A PHP object injection vulnerability in the Melapress Login Security WordPress plugin lets an attacker feed attacker-controlled serialized data into PHP's unserialize(), so that objects of attacker-chosen classes are instantiated during the request. This affects every WordPress site running plugin versions up to and including 2.1.0. Object injection on its own does not run code: turning it into arbitrary code execution, file deletion or data disclosure requires a suitable gadget (POP) chain in the plugin, in another installed plugin or in the theme, which is why the real severity depends heavily on what else is installed on the site.

💻 Affected Systems

Products:
  • Melapress Login Security WordPress Plugin
Versions: all releases through 2.1.0 (the advisory lists no lower bound, shown as n/a)
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: All WordPress installations with vulnerable plugin versions are affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete site compromise, data theft, malware installation, or website defacement.

🟠

Likely Case

Unauthorized administrative access, privilege escalation, or backdoor installation on vulnerable WordPress sites.

🟢

If Mitigated

Limited. Once the plugin is updated to 2.1.1 or deactivated the injection point is gone; even on an unpatched site an injected object can do little without a gadget chain in some loaded plugin or theme, so removing unused plugins narrows the blast radius.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Deserialization flaws are a well-worn bug class in WordPress plugins, and gadget chains for popular libraries and plugins are publicly documented. Although no public PoC exists for this CVE, similar bugs are routinely weaponized once an advisory names the affected version.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.1.1 or later

Vendor Advisory: https://patchstack.com/database/wordpress/plugin/melapress-login-security/vulnerability/wordpress-melapress-login-security-2-1-0-php-object-injection-vulnerability?_s_id=cve

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find Melapress Login Security.
4. Click 'Update Now' if available.
5. Alternatively, download the latest version from the WordPress plugin repository and update manually.

🔧 Temporary Workarounds

Disable Plugin

all

Temporarily deactivate the plugin until it can be updated. Note that this also switches off whatever login hardening the plugin enforces for the site, so re-enable it promptly once 2.1.1 or later is installed.

wp plugin deactivate melapress-login-security

Restrict Access

all

Add a WAF rule that blocks requests whose query string, form fields or body contain a serialized PHP object marker (O:<length>:"<class>"), including its URL-encoded form O%3A; a bare "O:" match is far too noisy to block on. Treat this as a stop-gap only: double-encoded or base64-wrapped payloads can slip past simple patterns.

🧯 If You Can't Patch

  • The flaw is in third-party plugin code, so input validation cannot be bolted on from outside; instead restrict who can reach the site's admin surface (wp-admin, wp-login.php) to trusted networks until you can update
  • Deploy a web application firewall with rules targeting PHP object injection patterns (serialized-object markers in parameters and bodies, in plain and URL-encoded form)
  • Remove unused plugins and themes and keep the rest current: object injection only becomes code execution through a gadget chain living in some loaded code, so less code means fewer chains

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > Melapress Login Security version

Check Version:

wp plugin get melapress-login-security --field=version

Verify Fix Applied:

Verify plugin version is 2.1.1 or higher in WordPress admin
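The version check above is easy to get wrong by hand (2.10.0 is newer than 2.1.1; a 2.1.1 beta is not the fix). The following Python script is an added example, not code from the page or from Melapress: it parses constructed output shaped like `wp plugin list --format=json` (fields name, status, update, version), compares the installed version against the fixed release 2.1.1 with a proper tuple comparison, and reports an inactive copy as still needing the update, since its code stays on disk and runs again the moment someone re-activates it. The plugin slug, sample plugin list and function names are assumptions for illustration.

```python
import json
import re

# Fixed release per the advisory; anything below this is vulnerable.
PLUGIN_SLUG = "melapress-login-security"   # assumed slug, as used by the wp-cli commands on this page
FIXED_VERSION = "2.1.1"


def parse_version(v: str) -> tuple:
    """Turn '2.1.0', '2.1' or '2.1.1-beta1' into a comparable tuple.

    A pre-release suffix sorts below the bare release (2.1.1-beta1 < 2.1.1),
    so a beta of the fixed version is still treated as vulnerable.
    """
    m = re.match(r"^\s*v?(\d+(?:\.\d+)*)(?:[-+.]?([A-Za-z].*))?$", v)
    if not m:
        raise ValueError(f"unrecognised version string: {v!r}")
    nums = [int(x) for x in m.group(1).split(".")]
    nums += [0] * (3 - len(nums))          # 2.1 -> 2.1.0
    final = 0 if m.group(2) else 1         # a final release outranks any suffix
    return (*nums, final)


def is_vulnerable(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed version predates the fixed release."""
    return parse_version(installed) < parse_version(fixed)


def check_wp_plugin_list(plugin_list_json: str, slug: str = PLUGIN_SLUG) -> dict:
    """Evaluate `wp plugin list --format=json` output for the affected plugin.

    'installed' is False when the plugin is absent. An inactive copy still
    counts as vulnerable: the code is on disk and re-activation brings it back.
    """
    for p in json.loads(plugin_list_json):
        if p.get("name") == slug:
            return {
                "installed": True,
                "version": p.get("version"),
                "status": p.get("status"),
                "vulnerable": is_vulnerable(p["version"]),
            }
    return {"installed": False, "version": None, "status": None, "vulnerable": False}


# Constructed sample, shaped like `wp plugin list --format=json` output.
SAMPLE_PLUGIN_LIST = json.dumps([
    {"name": "akismet", "status": "inactive", "update": "none", "version": "5.3"},
    {"name": "melapress-login-security", "status": "active", "update": "available", "version": "2.1.0"},
])

if __name__ == "__main__":
    print(check_wp_plugin_list(SAMPLE_PLUGIN_LIST))
```

Pipe real output in with `wp plugin list --format=json | python3 check.py` (reading stdin instead of the sample), and if the plugin is flagged, `wp plugin update melapress-login-security` applies the fix from the command line.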

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to WordPress admin-ajax.php or admin-post.php
  • PHP serialized data in unexpected locations
  • Failed authentication attempts followed by unusual activity

Network Indicators:

  • HTTP requests containing serialized PHP objects (O:)
  • Suspicious traffic to /wp-admin/admin-ajax.php

SIEM Query:

source="wordpress.log" AND ("melapress" OR "admin-ajax.php") AND ("serialize" OR "unserialize" OR "O:" OR "O%3A")

A bare "O:" term is noisy (it matches any "TODO:" and plenty of base64), so where the log platform supports regular expressions match the full object prefix O:\d+:" instead, and remember that request parameters are usually logged URL-encoded (O%3A).
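To show what the indicators above look like when actually run over traffic, here is an added Python example (not code from the page or from the plugin vendor). It scans constructed access-log lines with the request body appended, the way a WAF or audit log records it, for the full serialized-object prefix O:<length>:"<class>":<count>:{ in plain, URL-encoded, double-URL-encoded and base64-wrapped form, and contrasts that with a naive bare "O:" search. The sample lines, the action and parameter names in them and the watched endpoint list are assumptions; the third sample line carries base64 of the constructed payload O:1:"A":0:{}.

```python
import base64
import re
from urllib.parse import unquote_plus

# A serialized PHP object begins with  O:<name length>:"<class name>":<property count>:{
# Requiring the whole prefix, not just "O:", is what stops this from firing on
# ordinary text such as "TODO: fix" or on random tokens that contain "O:".
PHP_OBJECT_RE = re.compile(r'O:\d+:"[A-Za-z_\\][\w\\]*":\d+:\{')

# Assumed endpoints through which user-supplied data reaches plugin code.
WATCHED_PATHS = ("/wp-admin/admin-ajax.php", "/wp-admin/admin-post.php", "/wp-login.php")

# Candidate base64 tokens; '=' is allowed only as trailing padding so that
# 'key=value' boundaries are not swallowed into one token.
B64_TOKEN_RE = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")


def _decodings(raw: str):
    """Yield the raw text plus the decoded forms attackers commonly hide behind."""
    forms = []
    cur = raw
    for _ in range(3):                      # raw, URL-decoded, double-URL-decoded
        if cur in forms:
            break
        forms.append(cur)
        cur = unquote_plus(cur)             # O%3A8%3A%22stdClass%22 -> O:8:"stdClass"
    yield from forms
    for tok in B64_TOKEN_RE.findall(forms[-1]):
        tok = tok.rstrip("=")
        try:                                # base64-wrapped payloads are looked inside too
            yield base64.b64decode(tok + "=" * (-len(tok) % 4)).decode("latin-1")
        except Exception:
            continue


def find_php_objects(text: str) -> list:
    """Return the distinct serialized-object prefixes found in text under any decoding."""
    return sorted({m for form in _decodings(text) for m in PHP_OBJECT_RE.findall(form)})


def scan_log(lines: list, watched_paths: tuple = WATCHED_PATHS) -> list:
    """Flag requests to the watched paths whose query string or logged body carries
    a serialized PHP object. Returns (line_number, matched_prefix) pairs."""
    findings = []
    for n, line in enumerate(lines, 1):
        if any(p in line for p in watched_paths):
            findings.extend((n, obj) for obj in find_php_objects(line))
    return findings


def naive_marker_lines(lines: list) -> list:
    """What a bare 'O:' search (as in the SIEM query above) flags, for comparison."""
    return [n for n, line in enumerate(lines, 1) if "O:" in unquote_plus(line)]


# Constructed sample lines in combined-log style with the POST body appended.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2025:10:00:01 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 32',
    '203.0.113.9 - - [01/Jan/2025:10:00:02 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 0 '
    'body=action=example&data=O%3A8%3A%22stdClass%22%3A1%3A%7Bs%3A1%3A%22a%22%3Bi%3A1%3B%7D',
    '203.0.113.9 - - [01/Jan/2025:10:00:03 +0000] "POST /wp-admin/admin-post.php HTTP/1.1" 302 0 '
    'body=payload=TzoxOiJBIjowOnt9',
    '203.0.113.7 - - [01/Jan/2025:10:00:04 +0000] "GET /wp-admin/admin-ajax.php?action=example&q=TODO:+fix+O:+the+bug HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for n, obj in scan_log(SAMPLE_LOG):
        print(f"line {n}: {obj}")
    print("bare 'O:' search would flag lines:", naive_marker_lines(SAMPLE_LOG))
```

On the sample, the precise scan flags lines 2 and 3 (the URL-encoded and the base64-wrapped objects), while the bare "O:" search flags lines 2 and 4 and misses line 3: it both over- and under-matches, which is the reason to search for the full prefix. Bodies only appear in logs that record them, so for real deployments point this at WAF or mod_security audit logs rather than plain access logs.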
