Description
Authentication Bypass Using an Alternate Path or Channel vulnerability in Hossein Material Dashboard material-dashboard allows Authentication Bypass.This issue affects Material Dashboard: from n/a through <= 1.4.5.
Published: 2025-04-01
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an Authentication Bypass Using an Alternate Path or Channel that allows an attacker to gain elevated privileges in the Hossein Material Dashboard plugin. The weakness permits bypassing normal authentication mechanisms, which means an attacker can perform actions normally reserved for authorized users. The consequence is a full escalation of privilege within the WordPress installation, enabling the attacker to modify content, upload malware, or compromise the entire site.

Affected Systems

Hossein:Material Dashboard, the Material Dashboard plugin for WordPress, versions up to and including 1.4.5 are affected. All installations of this plugin in that version range are vulnerable.

Risk and Exploitability

The CVSS score of 9.8 indicates a critical severity, while the EPSS score of less than 1% suggests a low probability of exploitation in the near term. This vulnerability is not featured in the CISA KEV catalog. The attack vector is inferred to be remote via the web interface, as the bypass occurs through an alternate web path. The lack of specific exploitation details in the description means that the exploitation likely requires access to the site’s public URLs and the ability to manipulate request paths, but an authenticated session is not necessary to trigger the privilege escalation.

Generated by OpenCVE AI on May 1, 2026 at 02:32 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Material Dashboard plugin to the newest version that fixes the authentication bypass; if version 1.4.6 or later is available, migrate to it.
  • If an upgrade cannot be performed immediately, remove or deactivate the Material Dashboard plugin from the site to eliminate the attack surface.
  • Apply strict access control, such as IP whitelisting or two‑factor authentication, for the WordPress admin area to limit the impact of any potential bypass attempts.
  • Continuously monitor WordPress logs for anomalous authentication or privilege actions and investigate any suspicious activity promptly.

Generated by OpenCVE AI on May 1, 2026 at 02:32 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-9068 Authentication Bypass Using an Alternate Path or Channel vulnerability in ho3einie Material Dashboard allows Authentication Bypass. This issue affects Material Dashboard: from n/a through 1.4.5.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Authentication Bypass Using an Alternate Path or Channel vulnerability in ho3einie Material Dashboard allows Authentication Bypass. This issue affects Material Dashboard: from n/a through 1.4.5. Authentication Bypass Using an Alternate Path or Channel vulnerability in Hossein Material Dashboard material-dashboard allows Authentication Bypass.This issue affects Material Dashboard: from n/a through <= 1.4.5.
Title WordPress Material Dashboard <= 1.4.5 - Privilege Escalation Vulnerability WordPress Material Dashboard plugin <= 1.4.5 - Privilege Escalation Vulnerability
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Tue, 01 Apr 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 01 Apr 2025 05:45:00 +0000

Type Values Removed Values Added
Description Authentication Bypass Using an Alternate Path or Channel vulnerability in ho3einie Material Dashboard allows Authentication Bypass. This issue affects Material Dashboard: from n/a through 1.4.5.
Title WordPress Material Dashboard <= 1.4.5 - Privilege Escalation Vulnerability
Weaknesses CWE-288
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:05.083Z

Reserved: 2025-03-26T09:26:19.815Z

Link: CVE-2025-31095

cve-icon Vulnrichment

Updated: 2025-04-01T13:39:23.103Z

cve-icon NVD

Status : Deferred

Published: 2025-04-01T06:15:56.570

Modified: 2026-04-23T15:27:41.877

Link: CVE-2025-31095

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-01T02:45:06Z

Weaknesses