CVE-2025-4607 - Vulnerability Details

- PSW Front-end Login & Registration <= 1.12 - Insufficiently Random Values to Unauthenticated Account Takeover/Privilege Escalation via customer_registration Function

Description

The PSW Front-end Login & Registration plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.12 via the customer_registration() function. This is due to the use of a weak, low-entropy OTP mechanism in the forget() function. This makes it possible for unauthenticated attackers to initiate a password reset for any user, including administrators, and elevate their privileges for full site takeover.

Published: 2025-05-31

Score: 9.8 Critical

EPSS: 1.1% Low

KEV: No

Impact:

Action:

Analysis

Impact

The PSW Front-end Login & Registration plugin for WordPress, in versions 1.12 and earlier, contains a weak, low‑entropy one‑time‑password mechanism implemented in the forget() function. An unauthenticated attacker can exploit this flaw to trigger a password reset for any user, including administrators. Once the password reset succeeds, the attacker obtains full administrative privileges, enabling complete site takeover. This constitutes a privilege escalation vulnerability rooted in CWE‑330, where insufficient entropy allows an attacker to predict the reset code.

Affected Systems

Systems impacted are WordPress installations that employ the PSW Front-end Login & Registration plugin by EmpoweringProWebsite, any installation running a plugin version up to and including 1.12. Without a patch, every account on the site is vulnerable, regardless of role.

Risk and Exploitability

The vulnerability has a CVSS score of 9.8, reflecting its critical nature. The EPSS score of 1% indicates that the probability of exploitation in the wild is low, but still possible, especially if attackers target high‑value WordPress sites. The flaw is not listed in the CISA KEV catalog, which suggests no widespread exploitation has been formally documented yet. Attackers can leverage the publicly accessible password‑reset endpoint, with no authentication required, to carry out the exploit remotely. The combination of a low entropy OTP and the ability to trigger the reset for any user makes the attack efficient and difficult to defend against without a patch.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

empoweringprowebsite

PSW Front-end Login & Registration

unaffected

Version	Status	Constraints
`0`	affected	≤ 1.12

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Check with the vendor for an official patch or an updated plugin version that addresses the OTP weakness.
If a patch is not available, disable the password reset functionality or restrict it to a whitelist of trusted IP addresses using web‑application firewall rules.
Replace the weak OTP implementation with a cryptographically secure random generator, or enforce a stronger reset code policy in the plugin configuration.
Monitor authentication logs for repeated password‑reset requests and block suspicious activity via rate limiting.

Generated by OpenCVE AI on April 21, 2026 at 20:33 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2025-16545	The PSW Front-end Login & Registration plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.12 via the customer_registration() function. This is due to the use of a weak, low-entropy OTP mechanism in the forget() function. This makes it possible for unauthenticated attackers to initiate a password reset for any user, including administrators, and elevate their privileges for full site takeover.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.01063.

Exploitation none

Automatable yes

Technical Impact total

References

Link	Providers
https://plugins.trac.wordpress.org/browser/psw-login-and-registration/trunk/public/class-prositegeneralfeatures-public.php#L323
https://plugins.trac.wordpress.org/browser/psw-login-and-registration/trunk/public/class-prositegeneralfeatures-public.php#L493
https://plugins.trac.wordpress.org/browser/psw-login-and-registration/trunk/public/class-prositegeneralfeatures-public.php#L731
https://wordpress.org/plugins/psw-login-and-registration/#developers
https://www.wordfence.com/threat-intel/vulnerabilities/id/a2d6e595-0682-4a41-a432-afbcb50144e8?source=cve

History

Mon, 02 Jun 2025 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Sat, 31 May 2025 06:45:00 +0000

Type	Values Removed	Values Added
Description		The PSW Front-end Login & Registration plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.12 via the customer_registration() function. This is due to the use of a weak, low-entropy OTP mechanism in the forget() function. This makes it possible for unauthenticated attackers to initiate a password reset for any user, including administrators, and elevate their privileges for full site takeover.
Title		PSW Front-end Login & Registration <= 1.12 - Insufficiently Random Values to Unauthenticated Account Takeover/Privilege Escalation via customer_registration Function
Weaknesses		CWE-330
References		https://plugins.trac.wordpress.org/browser/psw-login-and-registration/trunk/public/class-prositegeneralfeatures-public.php#L323 https://plugins.trac.wordpress.org/browser/psw-login-and-registration/trunk/public/class-prositegeneralfeatures-public.php#L493 https://plugins.trac.wordpress.org/browser/psw-login-and-registration/trunk/public/class-prositegeneralfeatures-public.php#L731 https://wordpress.org/plugins/psw-login-and-registration/#developers https://www.wordfence.com/threat-intel/vulnerabilities/id/a2d6e595-0682-4a41-a432-afbcb50144e8?source=cve
Metrics		cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}`

Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2025-05-31T06:40:56.485Z

Updated: 2026-04-08T17:12:43.620Z

Reserved: 2025-05-12T19:29:25.486Z

Link: CVE-2025-4607

Vulnrichment

Updated: 2025-06-02T15:18:11.863Z

NVD

Status : Deferred

Published: 2025-05-31T07:15:21.070

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-4607

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-21T20:45:25Z

Weaknesses

CWE-330

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object