CVE-2025-6895
📋 TL;DR
The Melapress Login Security WordPress plugin versions 2.1.0 to 2.1.1 contain an authentication bypass vulnerability in the get_valid_user_based_on_token() function. Unauthenticated attackers who know any user's meta value can log in as that user without credentials. This affects all WordPress sites using the vulnerable plugin versions.
💻 Affected Systems
- Melapress Login Security WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete site compromise with administrative access, data theft, malware injection, and lateral movement to other systems.
Likely Case
Unauthorized access to user accounts, privilege escalation, data exfiltration, and content manipulation.
If Mitigated
Limited impact if plugin is disabled or patched quickly, but any exposed user accounts remain at risk.
🎯 Exploit Status
Exploitation requires knowing a user meta value, which could be obtained through other vulnerabilities or information disclosure.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.1.2
Vendor Advisory: https://wordpress.org/plugins/melapress-login-security/#developers
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins > Installed Plugins. 3. Find 'Melapress Login Security' and click 'Update Now'. 4. Verify version is 2.1.2 or higher.
🔧 Temporary Workarounds
Disable Plugin
allTemporarily disable the vulnerable plugin until patched
wp plugin deactivate melapress-login-security
Restrict Access
linuxImplement IP whitelisting for WordPress admin access
# Add to .htaccess for Apache: Order Deny,Allow
Deny from all
Allow from 192.168.1.0/24
# Add to nginx config: allow 192.168.1.0/24; deny all;
🧯 If You Can't Patch
- Disable the Melapress Login Security plugin immediately
- Implement web application firewall rules to block suspicious authentication attempts
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Installed Plugins for Melapress Login Security version 2.1.0 or 2.1.1Check Version:
wp plugin get melapress-login-security --field=versionVerify Fix Applied:
Confirm plugin version is 2.1.2 or higher in WordPress admin panel📡 Detection & Monitoring
Log Indicators:
- Unusual authentication patterns
- Multiple failed login attempts followed by success from same IP
- User logins from unexpected locations
Network Indicators:
- HTTP POST requests to wp-login.php with unusual parameters
- Requests to plugin-specific authentication endpoints
SIEM Query:
source="wordpress" AND (event="authentication" AND result="success") AND user_agent NOT IN ["expected_user_agents"]🔗 References
- https://plugins.trac.wordpress.org/browser/melapress-login-security/tags/2.1.1/app/class-melapress-login-security.php
- https://plugins.trac.wordpress.org/browser/melapress-login-security/tags/2.1.1/app/modules/temporary-logins/class-temporary-logins.php
- https://plugins.trac.wordpress.org/changeset/3328137
- https://wordpress.org/plugins/melapress-login-security/#developers
- https://www.wordfence.com/threat-intel/vulnerabilities/id/6f65d5c4-6f53-4836-9130-c9f4ed3be893?source=cve
