Frontend Login and Registration Blocks Privilege Escalation Vulnerability in WordPress
Vulnerability
A privilege escalation vulnerability allowing account takeover has been identified in the Frontend Login and Registration Blocks plugin for WordPress, affecting all versions through 1.0.7. The vulnerability arises because the plugin fails to properly verify a user's identity before allowing updates to user details such as email addresses. This flaw enables unauthenticated attackers to change the email addresses of any user, including administrators. Once the email is changed, the attacker can reset the user's password and gain access to their account.
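As an added illustration of the flaw class described above (hypothetical code written for this page, not the plugin's own), the first handler updates a user's email on the strength of a client-supplied ID with no identity check, and the second shows the checks a defender would expect. The function names, the `flrb_demo_*` AJAX actions and the nonce action name are all assumed.

```php
<?php
// Added example (not the plugin's code): a hypothetical AJAX handler that
// updates a user's email. The first version shows the flaw class described
// above (no identity/authorization check); the second shows the fix.

// VULNERABLE: trusts a client-supplied user ID, is exposed to unauthenticated
// callers via the wp_ajax_nopriv_ hook, and never checks who is asking.
function flrb_demo_update_email_vulnerable() {
    $user_id   = intval( $_POST['user_id'] );
    $new_email = sanitize_email( $_POST['email'] );
    wp_update_user( array( 'ID' => $user_id, 'user_email' => $new_email ) );
    wp_send_json_success();
}
add_action( 'wp_ajax_flrb_demo_update_email', 'flrb_demo_update_email_vulnerable' );
add_action( 'wp_ajax_nopriv_flrb_demo_update_email', 'flrb_demo_update_email_vulnerable' );

// HARDENED: only logged-in users, only on their own account (or with the
// edit_user capability for that account), with a nonce against cross-site
// requests, and a well-formed, unused email address.
function flrb_demo_update_email_hardened() {
    // Expects a nonce created with wp_create_nonce( 'flrb_demo_update_email' ).
    check_ajax_referer( 'flrb_demo_update_email', 'nonce' );

    if ( ! is_user_logged_in() ) {
        wp_send_json_error( 'Authentication required', 401 );
    }

    $requested_id = isset( $_POST['user_id'] ) ? intval( $_POST['user_id'] ) : 0;
    $current_id   = get_current_user_id();

    // Identity verification: the account being changed must be the caller's
    // own, unless the caller holds the edit_user capability for that account.
    if ( $requested_id !== $current_id && ! current_user_can( 'edit_user', $requested_id ) ) {
        wp_send_json_error( 'Not permitted', 403 );
    }

    $new_email = isset( $_POST['email'] ) ? sanitize_email( wp_unslash( $_POST['email'] ) ) : '';
    if ( ! is_email( $new_email ) || email_exists( $new_email ) ) {
        wp_send_json_error( 'Invalid or already registered email', 400 );
    }

    $result = wp_update_user( array( 'ID' => $requested_id, 'user_email' => $new_email ) );
    if ( is_wp_error( $result ) ) {
        wp_send_json_error( $result->get_error_message(), 500 );
    }
    wp_send_json_success();
}
// Registered only for authenticated users: deliberately no wp_ajax_nopriv_ hook.
add_action( 'wp_ajax_flrb_demo_update_email_safe', 'flrb_demo_update_email_hardened' );
```

Because `wp_send_json_error()` calls `wp_die()`, each failed check ends the request before the update runs.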
Impact
Exploitation of this vulnerability allows unauthenticated attackers to take over other users' accounts, including administrator accounts, by changing the victim's email address and then resetting the password.
