CVE-2025-15018
Unknown Unknown - Not Provided
Privilege Escalation in WordPress Optional Email Plugin Allows Account Takeover

Publication date: 2026-01-07

Last updated on: 2026-01-07

Assigner: Wordfence

Description
The Optional Email plugin for WordPress is vulnerable to Privilege Escalation via Account Takeover in all versions up to, and including, 1.3.11. This is due to the plugin not restricting its 'random_password' filter to registration contexts, allowing the filter to affect password reset key generation. This makes it possible for unauthenticated attackers to set a known password reset key when initiating a password reset, reset the password of any user including administrators, and gain access to their accounts.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-07
Last Modified
2026-01-07
Generated
2026-06-16
AI Q&A
2026-01-07
EPSS Evaluated
2026-06-15
NVD
CVE-2025-15018
EUVD
EUVD-2026-1282
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
unknown_vendor optional_email to 1.3.11 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-639 The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The Optional Email plugin for WordPress has a vulnerability that allows unauthenticated attackers to escalate privileges by taking over accounts. This happens because the plugin's 'random_password' filter is not limited to user registration contexts and can be exploited during password reset. Attackers can set a known password reset key, reset any user's password including administrators, and gain unauthorized access to their accounts.

Impact Analysis

This vulnerability can allow attackers to gain unauthorized access to any user account on a WordPress site using the Optional Email plugin, including administrator accounts. This can lead to full site compromise, data theft, unauthorized changes, and loss of control over the website.

Mitigation Strategies

To mitigate this vulnerability, immediately update the Optional Email plugin for WordPress to a version later than 1.3.11 where the issue is fixed. If an update is not yet available, disable or remove the plugin to prevent exploitation. Additionally, monitor user accounts for unauthorized password resets and consider resetting passwords for critical accounts as a precaution.

Compliance Impact

The vulnerability allows unauthenticated attackers to take over accounts, including administrator accounts, by exploiting the password reset mechanism without proper email verification. This undermines user identity verification and access controls, which are critical for protecting personal data. Consequently, this could lead to unauthorized access to sensitive user information, potentially violating data protection requirements under standards like GDPR and HIPAA that mandate strict access controls and user authentication measures. [2]

Detection Guidance

This vulnerability can be detected by identifying if the Optional Email WordPress plugin version 1.3.11 or earlier is installed and active on your WordPress site. Since the vulnerability involves unauthenticated attackers exploiting the 'random_password' filter during password reset, monitoring password reset requests and unusual password reset key values could help detect exploitation attempts. Specific commands to detect the plugin version include using WP-CLI to list installed plugins and their versions, for example: `wp plugin list --format=json` and checking for 'optional-email' plugin version 1.3.11 or below. Additionally, reviewing web server logs for suspicious password reset requests or POST requests to password reset endpoints may help. However, no explicit detection commands are provided in the resources. [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-15018. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart