PeproDev Ultimate Profile Solutions WordPress Plugin Data Exposure Vulnerability

Vulnerability

A vulnerability in the PeproDev Ultimate Profile Solutions plugin for WordPress allows unauthorized data access through a publicly available reset-password endpoint. The plugin retrieves the 'valid_email' value based solely on the provided username, without confirming that the requester is linked to that user account. This flaw enables unauthenticated attackers to enumerate email addresses of any user, including administrators.
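The flawed lookup pattern described above, beside a hardened form, as an added example that is not the plugin's own code. The handler names, the action name and the 'username' request parameter are hypothetical; only the 'valid_email' field name comes from the description.

```php
<?php
// Added illustration. Handler names, the action name and the 'username'
// parameter are hypothetical and are not taken from the plugin.

// Flawed pattern: the reply discloses the e-mail stored for any username.
function example_reset_lookup_flawed() {
    $login = sanitize_user( wp_unslash( $_POST['username'] ?? '' ) );
    $user  = get_user_by( 'login', $login );
    if ( ! $user ) {
        wp_send_json_error( array( 'message' => 'Unknown user.' ) );
    }
    // Nothing ties the requester to this account before the address is returned.
    wp_send_json_success( array( 'valid_email' => $user->user_email ) );
}

// Hardened pattern: the response is identical whether or not the account
// exists, and the address never leaves the server.
function example_reset_lookup_hardened() {
    $login = sanitize_user( wp_unslash( $_POST['username'] ?? '' ) );
    $user  = ( '' !== $login ) ? get_user_by( 'login', $login ) : false;
    if ( $user ) {
        // WordPress core (5.7 and later) mails the reset link to the address on file.
        retrieve_password( $user->user_login );
    }
    wp_send_json_success( array(
        'message' => 'If the account exists, a reset link has been sent to its registered e-mail address.',
    ) );
}

// Unauthenticated AJAX hook, registered for the hardened handler only.
add_action( 'wp_ajax_nopriv_example_reset_lookup', 'example_reset_lookup_hardened' );
```

The uniform reply also avoids confirming which usernames exist; rate limiting the endpoint per client is a separate control this sketch does not cover.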

Impact

Exploitation of this vulnerability allows for unauthorized email enumeration, potentially leading to targeted phishing attacks or other social engineering tactics.

Remediation

No known patch is available. It is recommended to review the vulnerability details and consider uninstalling the affected plugin.

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 7.4
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.