CVE-2025-15018
Privilege Escalation in WordPress Optional Email Plugin Allows Account Takeover
Publication date: 2026-01-07
Last updated on: 2026-01-07
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| unknown_vendor | optional_email | to 1.3.11 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-639 | The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows unauthenticated attackers to take over accounts, including administrator accounts, by exploiting the password reset mechanism without proper email verification. This undermines user identity verification and access controls, which are critical for protecting personal data. Consequently, this could lead to unauthorized access to sensitive user information, potentially violating data protection requirements under standards like GDPR and HIPAA that mandate strict access controls and user authentication measures. [2]
Can you explain this vulnerability to me?
The Optional Email plugin for WordPress has a vulnerability that allows unauthenticated attackers to escalate privileges by taking over accounts. This happens because the plugin's 'random_password' filter is not limited to user registration contexts and can be exploited during password reset. Attackers can set a known password reset key, reset any user's password including administrators, and gain unauthorized access to their accounts.
How can this vulnerability impact me? :
This vulnerability can allow attackers to gain unauthorized access to any user account on a WordPress site using the Optional Email plugin, including administrator accounts. This can lead to full site compromise, data theft, unauthorized changes, and loss of control over the website.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately update the Optional Email plugin for WordPress to a version later than 1.3.11 where the issue is fixed. If an update is not yet available, disable or remove the plugin to prevent exploitation. Additionally, monitor user accounts for unauthorized password resets and consider resetting passwords for critical accounts as a precaution.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by identifying if the Optional Email WordPress plugin version 1.3.11 or earlier is installed and active on your WordPress site. Since the vulnerability involves unauthenticated attackers exploiting the 'random_password' filter during password reset, monitoring password reset requests and unusual password reset key values could help detect exploitation attempts. Specific commands to detect the plugin version include using WP-CLI to list installed plugins and their versions, for example: `wp plugin list --format=json` and checking for 'optional-email' plugin version 1.3.11 or below. Additionally, reviewing web server logs for suspicious password reset requests or POST requests to password reset endpoints may help. However, no explicit detection commands are provided in the resources. [2]