CVE-2025-58595
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-11-06
Last updated on: 2026-04-29
Assigner: Patchstack
Description
Description
Authentication Bypass by Spoofing vulnerability in Saad Iqbal All In One Login change-wp-admin-login allows Identity Spoofing.This issue affects All In One Login: from n/a through <= 2.0.8.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| saad_iqbal | all_in_one_login | 2.0.8 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-290 | This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Authentication Bypass by Spoofing in the Saad Iqbal All In One Login change-wp-admin-login plugin. It allows an attacker to perform identity spoofing, meaning they can bypass authentication mechanisms and impersonate other users.
How can this vulnerability impact me? :
This vulnerability can allow attackers to bypass authentication and gain unauthorized access to user accounts or administrative functions, potentially leading to unauthorized actions, data exposure, or control over the affected system.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70