Primary

Context

MelaPress Login Security and MelaPress Login Security Premium Unauthorized User Deletion Vulnerability

Vulnerability

Patched

A vulnerability allowing unauthorized deletion of users has been identified in the MelaPress Login Security and MelaPress Login Security Premium plugins for WordPress, specifically in version 2.1.0. This issue arises from a missing capability check in the 'monitor_admin_actions' function, which enables unauthenticated attackers to delete any user.

Impact

Exploitation of this vulnerability allows for unauthorized deletion of users.

Reproduction

The vulnerability can be reproduced by sending a request to the 'monitor_admin_actions' function without the necessary authorization. This can be done by an unauthenticated user, taking advantage of the missing capability check to delete a user.

Remediation

Users are advised to update to version 2.1.1 or a newer patched version.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

2.5

exploitability

8.6

remediation

7.7

relevance

0.0

threat

4.8

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

2.5

exploitability

8.6

remediation

7.7

relevance

0.0

threat

4.8

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

MelaPress Login Security and MelaPress Login Security Premium Unauthorized User Deletion Vulnerability

Vulnerability

Impact

Reproduction

Remediation

Affected Products

MelaPress Login Security

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating