CVE-2025-4607
📋 TL;DR
The PSW Front-end Login & Registration WordPress plugin is vulnerable to privilege escalation through its password reset flow: a weak OTP mechanism in the plugin's forget() handler lets unauthenticated attackers reset the password of any user, including administrators, which leads to full site takeover. All versions up to and including 1.12 are affected.
💻 Affected Systems
- PSW Front-end Login & Registration WordPress plugin
⚠️ Manual Verification Required
The NVD entry for this CVE carries no structured version range, so scanners keyed on NVD data cannot decide automatically whether a site is affected. The Wordfence advisory referenced below lists all versions up to and including 1.12 as vulnerable, so confirm the installed version by hand:
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete site compromise with administrative access, data theft, malware injection, and defacement.
Likely Case
Administrative account takeover leading to unauthorized content changes, plugin/theme installation, and data access.
If Mitigated
Limited impact if strong authentication controls, monitoring, and backups exist, but still requires remediation.
🎯 Exploit Status
Exploitation requires understanding the weak OTP mechanism in the plugin's forget() password-reset handler, but once that is understood the attack is straightforward and needs no authentication.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check plugin repository for version >1.12
Vendor Advisory: https://wordpress.org/plugins/psw-login-and-registration/#developers
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find PSW Front-end Login & Registration.
4. Click 'Update Now' if an update is available.
5. If no update is available, deactivate and delete the plugin immediately.
🔧 Temporary Workarounds
Immediate Plugin Deactivation
Disable the vulnerable plugin to prevent exploitation until a fixed version is installed.
wp plugin deactivate psw-login-and-registration
🧯 If You Can't Patch
- Deactivate and remove the PSW Front-end Login & Registration plugin immediately.
- Implement web application firewall (WAF) rules to block requests to the vulnerable forget() function endpoints.
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Installed Plugins for PSW Front-end Login & Registration version ≤1.12.
Check Version:
wp plugin get psw-login-and-registration --field=version
Verify Fix Applied:
Confirm plugin version is >1.12 or plugin is removed from the plugins list.
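The version check and the deactivation workaround above, combined into one script. This is an added example for this advisory, not code from the plugin or from WP-CLI: it reads the installed version with the same `wp plugin get` command shown above, compares it component by component against 1.12 (the last affected release this page names; a plain string compare would wrongly rank 1.9 above 1.12), and deactivates the plugin when the version is in range. The fixed release number is not stated on this page, so versions above 1.12 are only reported, not declared safe.

```shell
#!/bin/sh
# Added example for CVE-2025-4607; not part of the plugin or of WP-CLI.
# Run from the WordPress root as the web user:  sh check_psw.sh --run
# Assumes plugin versions are dotted decimal (1.12, 1.12.1, 1.12-beta ...).

PLUGIN_SLUG="psw-login-and-registration"
MAX_VULNERABLE="1.12"   # last affected release named by this advisory

# version_le A B: exit 0 when A <= B, comparing dotted components numerically.
version_le() {
  a="$1"; b="$2"
  while [ -n "$a" ] || [ -n "$b" ]; do
    ai="${a%%.*}"; bi="${b%%.*}"
    if [ "$a" = "$ai" ]; then a=""; else a="${a#*.}"; fi
    if [ "$b" = "$bi" ]; then b=""; else b="${b#*.}"; fi
    ai="${ai%%[!0-9]*}"; bi="${bi%%[!0-9]*}"   # drop suffixes such as -beta
    ai="${ai:-0}"; bi="${bi:-0}"               # missing component counts as 0
    if [ "$ai" -lt "$bi" ]; then return 0; fi
    if [ "$ai" -gt "$bi" ]; then return 1; fi
  done
  return 0
}

# is_vulnerable_version V: exit 0 when V is within the affected range (<= 1.12).
is_vulnerable_version() {
  version_le "$1" "$MAX_VULNERABLE"
}

# check_and_mitigate: query WP-CLI and deactivate the plugin if it is affected.
# Needs the wp binary and a WordPress install; not exercised by the tests.
check_and_mitigate() {
  if ! command -v wp >/dev/null 2>&1; then
    echo "wp-cli not found in PATH" >&2
    return 2
  fi
  if ! installed="$(wp plugin get "$PLUGIN_SLUG" --field=version 2>/dev/null)"; then
    echo "$PLUGIN_SLUG is not installed: nothing to do"
    return 0
  fi
  if is_vulnerable_version "$installed"; then
    echo "$PLUGIN_SLUG $installed is affected (<= $MAX_VULNERABLE): deactivating"
    wp plugin deactivate "$PLUGIN_SLUG"
  else
    echo "$PLUGIN_SLUG $installed is above $MAX_VULNERABLE; confirm it is the fixed release"
  fi
}

if [ "${1:-}" = "--run" ]; then check_and_mitigate; fi
```

Deactivation only stops the plugin's hooks from loading; follow it with deletion (Plugins > Installed Plugins, or `wp plugin delete psw-login-and-registration`) once you have confirmed nothing else depends on it.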
📡 Detection & Monitoring
Log Indicators:
- Unusual password reset requests, especially for admin users from unfamiliar IPs.
- Multiple failed login attempts followed by password reset activity.
Network Indicators:
- HTTP POST requests to /wp-admin/admin-ajax.php carrying action=customer_registration or action=forget. admin-ajax.php accepts the action from the request body as well as the query string, so a standard access log may show only the admin-ajax.php path; a WAF or proxy log that records POST parameters is needed to see the action name.
SIEM Query:
source="wordpress.log" AND ("customer_registration" OR "forget" OR "password reset") AND status=200
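The log and network indicators above applied to a combined-format access log. This is an added example for this advisory, not code from the plugin, from Wordfence or from any SIEM: one function counts reset/registration AJAX requests per client to surface the burst an OTP-guessing attacker produces, the other correlates failed wp-login.php POSTs (WordPress answers 200 on a failed login and 302 on success) with a later reset request from the same client. The action names are the ones this page lists; the sample log lines are constructed, and, as noted above, the action is only visible when it travels in the query string or a WAF/proxy log copies body parameters into the request line.

```shell
#!/bin/sh
# Added example for CVE-2025-4607; not part of the advisory, the plugin or a SIEM.
# Usage:  sh hunt_psw.sh --demo        (runs against the constructed sample)
#         . ./hunt_psw.sh; suspicious_ips 5 < /var/log/nginx/access.log

AJAX_RE='^/wp-admin/admin-ajax[.]php[?]'
ACTION_RE='[?&]action=(forget|customer_registration)(&|$)'   # actions listed above

# Constructed sample traffic, not real logs. 203.0.113.7 hammers the reset
# action as an OTP brute-force would; 192.0.2.9 fails two logins, then asks
# for a reset; 192.0.2.50 logs in normally; the heartbeat call is unrelated.
SAMPLE_LOG='203.0.113.7 - - [10/Jun/2025:12:00:01 +0000] "POST /wp-admin/admin-ajax.php?action=forget HTTP/1.1" 200 512 "-" "python-requests/2.32"
203.0.113.7 - - [10/Jun/2025:12:00:02 +0000] "POST /wp-admin/admin-ajax.php?action=forget HTTP/1.1" 200 512 "-" "python-requests/2.32"
203.0.113.7 - - [10/Jun/2025:12:00:03 +0000] "POST /wp-admin/admin-ajax.php?action=forget HTTP/1.1" 200 512 "-" "python-requests/2.32"
203.0.113.7 - - [10/Jun/2025:12:00:04 +0000] "POST /wp-admin/admin-ajax.php?action=forget HTTP/1.1" 200 512 "-" "python-requests/2.32"
203.0.113.7 - - [10/Jun/2025:12:00:05 +0000] "POST /wp-admin/admin-ajax.php?action=forget HTTP/1.1" 200 512 "-" "python-requests/2.32"
203.0.113.7 - - [10/Jun/2025:12:00:06 +0000] "POST /wp-admin/admin-ajax.php?action=forget HTTP/1.1" 200 512 "-" "python-requests/2.32"
198.51.100.4 - - [10/Jun/2025:12:00:07 +0000] "POST /wp-admin/admin-ajax.php?action=customer_registration HTTP/1.1" 200 300 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Jun/2025:12:01:10 +0000] "POST /wp-login.php HTTP/1.1" 200 4100 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Jun/2025:12:01:18 +0000] "POST /wp-login.php HTTP/1.1" 200 4100 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Jun/2025:12:01:40 +0000] "POST /wp-admin/admin-ajax.php?action=forget HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.50 - - [10/Jun/2025:12:02:00 +0000] "GET /wp-login.php HTTP/1.1" 200 4100 "-" "Mozilla/5.0"
192.0.2.50 - - [10/Jun/2025:12:02:05 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Jun/2025:12:02:30 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 80 "-" "Mozilla/5.0"'

# suspicious_ips THRESHOLD: print "ip count" for clients with at least THRESHOLD
# reset/registration AJAX requests, busiest first. Reads a combined log on stdin.
# Any method is counted: admin-ajax.php honours the action on GET as well as POST.
suspicious_ips() {
  awk -v threshold="${1:-5}" -v ajax="$AJAX_RE" -v act="$ACTION_RE" '
    $7 ~ ajax && $7 ~ act { hits[$1]++ }
    END { for (ip in hits) if (hits[ip] >= threshold) print ip, hits[ip] }
  ' | sort -k2,2nr -k1,1
}

# login_then_reset: print "ip failed_logins" for clients that failed at least one
# wp-login.php POST (status 200) and afterwards hit a reset/registration action.
login_then_reset() {
  awk -v ajax="$AJAX_RE" -v act="$ACTION_RE" '
    $6 == "\"POST" && $7 ~ /^\/wp-login\.php/ && $9 == 200 { failed[$1]++ }
    $7 ~ ajax && $7 ~ act && failed[$1] > 0 && !(seen[$1]++) { print $1, failed[$1] }
  '
}

if [ "${1:-}" = "--demo" ]; then
  echo "clients with >= 3 reset/registration requests:"
  printf '%s\n' "$SAMPLE_LOG" | suspicious_ips 3
  echo "failed logins followed by a reset request:"
  printf '%s\n' "$SAMPLE_LOG" | login_then_reset
fi
```

Tune the threshold to the site's normal reset volume; a handful of resets an hour from one address is plausible on a busy membership site, a burst of them in seconds from one client is not.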
🔗 References
- https://plugins.trac.wordpress.org/browser/psw-login-and-registration/trunk/public/class-prositegeneralfeatures-public.php#L323
- https://plugins.trac.wordpress.org/browser/psw-login-and-registration/trunk/public/class-prositegeneralfeatures-public.php#L493
- https://plugins.trac.wordpress.org/browser/psw-login-and-registration/trunk/public/class-prositegeneralfeatures-public.php#L731
- https://wordpress.org/plugins/psw-login-and-registration/#developers
- https://www.wordfence.com/threat-intel/vulnerabilities/id/a2d6e595-0682-4a41-a432-afbcb50144e8?source=cve