Description
The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.1.1. This is due to the plugin not properly validating a user's identity prior to updating their details like email via the flr_blocks_user_settings_handle_ajax_callback() function. This makes it possible for unauthenticated attackers to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account.
Published: 2025-05-09
Score: 9.8 Critical
EPSS: 12.7% Moderate
KEV: No
Impact: Privilege Escalation via Account Takeover
Action: Immediate Patch
AI Analysis

Impact

The Frontend Login and Registration Blocks plugin for WordPress allows an unauthenticated attacker to trigger an account takeover. The flaw arises because the flr_blocks_user_settings_handle_ajax_callback() function does not verify the caller's identity before letting them change user data. An attacker can change any user's e-mail address, including a site administrator's, and then use the normal password-reset flow, which now delivers to the attacker-controlled address, to gain full control of the account. This constitutes a high-severity privilege escalation flaw identified as CWE-639.

Affected Systems

The problem affects all versions of the arkenon Login, Registration and Lost Password Blocks plugin up to and including 1.1.1. WordPress sites that have this plugin installed and have not applied the latest fix are vulnerable.

Risk and Exploitability

The CVSS score of 9.8 indicates critical severity, and the EPSS score of 13% suggests a moderate likelihood that this vulnerability will be actively exploited. The flaw is not yet listed in the CISA KEV catalog. The exploit process is straightforward: an unauthenticated user sends a crafted AJAX request to the plugin’s endpoint to change the target user’s e‑mail address. No special privileges or additional software are required, making the attack path simple and likely to occur in the wild.

Generated by OpenCVE AI on April 22, 2026 at 14:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Frontend Login and Registration Blocks plugin to version 1.1.2 or later, where the privilege‑escalation bug is fixed.
  • If the plugin is not required, temporarily disable or remove it until the patch is applied.
  • Disable or restrict the ability to change user e‑mail addresses without confirmation; if the plugin provides a setting, enforce a confirmation step for e‑mail modifications.
  • Enforce strong password policies and enable multi‑factor authentication for all accounts, especially administrators, to mitigate the impact of any account takeover.

Generated by OpenCVE AI on April 22, 2026 at 14:55 UTC.
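As an added illustration of the root cause described under Impact and of the confirmation-step recommendation above (this is example code written for this page, not the plugin's own code, which the record does not reproduce): a WordPress AJAX settings handler in the weak CWE-639 pattern, where the target user id is read from the request and the callback is also registered on the unauthenticated wp_ajax_nopriv_ hook, beside a hardened handler that takes the target from the authenticated session, verifies a nonce, validates the address and requires the current password before the change. Function and hook names prefixed example_ are assumptions; everything else is WordPress core API.

```php
<?php
// Added example, not the plugin's code. Shows the CWE-639 pattern behind this
// record (caller-chosen user key) next to a handler that binds the change to
// the authenticated session. Names prefixed example_ are hypothetical.

// --- Weak pattern (for contrast only; do not deploy) ------------------------
// Two defects: the target user comes from $_POST, and the callback is reachable
// without a session through wp_ajax_nopriv_. Any caller can pick any user.
function example_weak_user_settings() {
    $user_id = isset( $_POST['user_id'] ) ? (int) $_POST['user_id'] : 0;    // attacker-controlled key
    $email   = isset( $_POST['email'] ) ? sanitize_email( wp_unslash( $_POST['email'] ) ) : '';
    wp_update_user( array( 'ID' => $user_id, 'user_email' => $email ) );
    wp_send_json_success();
}
add_action( 'wp_ajax_example_weak_user_settings', 'example_weak_user_settings' );
add_action( 'wp_ajax_nopriv_example_weak_user_settings', 'example_weak_user_settings' );

// --- Hardened handler --------------------------------------------------------
function example_secure_user_settings() {
    // 1. CSRF: the nonce must have been issued to this session for this action
    //    (the front end obtains it via wp_create_nonce( 'example_user_settings' )).
    check_ajax_referer( 'example_user_settings', 'nonce' );

    // 2. Identity: the target is the logged-in user, never a value from the request.
    //    wp_send_json_error() ends the request, so each failure below is terminal.
    if ( ! is_user_logged_in() ) {
        wp_send_json_error( array( 'message' => 'Authentication required.' ), 401 );
    }
    $user_id = get_current_user_id();
    $user    = get_userdata( $user_id );

    // 3. Re-authentication: changing the address that receives password resets
    //    must cost the current password, so a hijacked session alone is not enough.
    $password = isset( $_POST['current_password'] ) ? (string) wp_unslash( $_POST['current_password'] ) : '';
    if ( '' === $password || ! wp_check_password( $password, $user->user_pass, $user_id ) ) {
        wp_send_json_error( array( 'message' => 'Current password is incorrect.' ), 403 );
    }

    // 4. Input validation: well-formed and not already owned by another account.
    $email = isset( $_POST['email'] ) ? sanitize_email( wp_unslash( $_POST['email'] ) ) : '';
    if ( ! is_email( $email ) ) {
        wp_send_json_error( array( 'message' => 'Invalid e-mail address.' ), 400 );
    }
    $owner = email_exists( $email );
    if ( $owner && (int) $owner !== $user_id ) {
        wp_send_json_error( array( 'message' => 'E-mail address already in use.' ), 409 );
    }

    // 5. Apply the change. When user_email changes, wp_update_user() itself mails a
    //    change notice to the previous address, which gives the real owner a signal.
    $result = wp_update_user( array( 'ID' => $user_id, 'user_email' => $email ) );
    if ( is_wp_error( $result ) ) {
        wp_send_json_error( array( 'message' => $result->get_error_message() ), 500 );
    }
    wp_send_json_success( array( 'user_id' => $user_id ) );
}
// Logged-in hook only: a settings change has no legitimate unauthenticated caller.
add_action( 'wp_ajax_example_secure_user_settings', 'example_secure_user_settings' );
```

The decisive line is `$user_id = get_current_user_id();`: once the target is derived from the session rather than the request, the caller can only ever edit their own record, and the absence of a `wp_ajax_nopriv_` registration removes the unauthenticated path entirely. The password check stands in for the confirmation step recommended above; a stricter variant would hold the new address as pending and apply it only after a link sent to that address is followed.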

Advisories

No advisories yet.

History

Wed, 08 Apr 2026 17:00:00 +0000

Type: Description
  Removed: The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.7. This is due to the plugin not properly validating a user's identity prior to updating their details like email via the flr_blocks_user_settings_handle_ajax_callback() function. This makes it possible for unauthenticated attackers to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account.
  Added: The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.1.1. This is due to the plugin not properly validating a user's identity prior to updating their details like email via the flr_blocks_user_settings_handle_ajax_callback() function. This makes it possible for unauthenticated attackers to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account.
Type: Title
  Removed: Frontend Login and Registration Blocks <= 1.0.7 - Unauthenticated Privilege Escalation via Account Takeover
  Added: Frontend Login and Registration Blocks <= 1.1.1 - Unauthenticated Privilege Escalation via Account Takeover

Wed, 16 Jul 2025 13:45:00 +0000

Type: Metrics (epss)
  Removed: {'score': 0.02955}
  Added: {'score': 0.03082}


Fri, 09 May 2025 16:15:00 +0000

Type: Metrics (ssvc)
  Added: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 09 May 2025 07:00:00 +0000

Type: Description
  Added: The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.7. This is due to the plugin not properly validating a user's identity prior to updating their details like email via the flr_blocks_user_settings_handle_ajax_callback() function. This makes it possible for unauthenticated attackers to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account.
Type: Title
  Added: Frontend Login and Registration Blocks <= 1.0.7 - Unauthenticated Privilege Escalation via Account Takeover
Type: Weaknesses
  Added: CWE-639
Type: References
Type: Metrics (cvssV3_1)
  Added: {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T16:34:59.313Z

Reserved: 2025-04-14T19:39:49.270Z

Link: CVE-2025-3605

Vulnrichment

Updated: 2025-05-09T15:42:50.117Z

NVD

Status : Deferred

Published: 2025-05-09T07:16:10.570

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-3605

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T15:00:05Z

Weaknesses