CVE-2025-15030
BaseFortify
Publication date: 2026-02-02
Last updated on: 2026-02-02
Assigner: WPScan
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wpengine | user_profile_builder | to 3.15.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-269 | The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects the User Profile Builder WordPress plugin versions before 3.15.2. It allows unauthenticated attackers to reset the password of any user, including administrators, by exploiting an improper password reset process that does not require authentication. The attacker only needs to know the target username and can send a series of HTTP requests to reset the password and gain access to the account. [1]
How can this vulnerability impact me? :
This vulnerability can allow attackers to take over any user account, including administrator accounts, on a WordPress site using the User Profile Builder plugin. This can lead to unauthorized access, data theft, site defacement, or complete control over the website, severely compromising the security and integrity of the affected system. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for suspicious HTTP requests targeting the WordPress login endpoints related to password reset actions. Specifically, look for POST requests to `/wp-login.php?action=lostpassword` containing usernames, followed by GET requests to `/wp-login.php?action=rp&key={malicious_key}&login={username}`, and POST requests to `/wp-login.php?action=resetpass` with new password parameters and reset keys. Network monitoring tools or web server logs can be searched for these patterns. For example, using command-line tools like `grep` on web server logs: `grep 'wp-login.php?action=lostpassword' /path/to/access.log` and similarly for the other endpoints. Additionally, intrusion detection systems can be configured to alert on these sequences of requests. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update the User Profile Builder WordPress plugin to version 3.15.2 or later, where the vulnerability is fixed. Until the update can be applied, restrict access to the WordPress login endpoints, implement additional authentication or CAPTCHA on password reset requests, and monitor for suspicious password reset activity to reduce the risk of exploitation. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows unauthenticated attackers to reset passwords of any user, including administrators, leading to unauthorized access to user accounts. This unauthorized access can result in exposure or manipulation of personal and sensitive data, potentially violating data protection requirements under standards like GDPR and HIPAA. Therefore, the vulnerability negatively impacts compliance by undermining access controls and data security obligations. [1]