CVE-2025-15030
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-02-02

Last updated on: 2026-02-02

Assigner: WPScan

Description
The User Profile Builder WordPress plugin before 3.15.2 does not have a proper password reset process, allowing a few unauthenticated requests to reset the password of any user by knowing their username, such as administrator ones, and therefore gain access to their account
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-02
Last Modified
2026-02-02
Generated
2026-06-16
AI Q&A
2026-02-02
EPSS Evaluated
2026-06-15
NVD
CVE-2025-15030
EUVD
EUVD-2025-206614
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
wpengine user_profile_builder to 3.15.2 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-269 The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability affects the User Profile Builder WordPress plugin versions before 3.15.2. It allows unauthenticated attackers to reset the password of any user, including administrators, by exploiting an improper password reset process that does not require authentication. The attacker only needs to know the target username and can send a series of HTTP requests to reset the password and gain access to the account. [1]

Impact Analysis

This vulnerability can allow attackers to take over any user account, including administrator accounts, on a WordPress site using the User Profile Builder plugin. This can lead to unauthorized access, data theft, site defacement, or complete control over the website, severely compromising the security and integrity of the affected system. [1]

Detection Guidance

This vulnerability can be detected by monitoring for suspicious HTTP requests targeting the WordPress login endpoints related to password reset actions. Specifically, look for POST requests to `/wp-login.php?action=lostpassword` containing usernames, followed by GET requests to `/wp-login.php?action=rp&key={malicious_key}&login={username}`, and POST requests to `/wp-login.php?action=resetpass` with new password parameters and reset keys. Network monitoring tools or web server logs can be searched for these patterns. For example, using command-line tools like `grep` on web server logs: `grep 'wp-login.php?action=lostpassword' /path/to/access.log` and similarly for the other endpoints. Additionally, intrusion detection systems can be configured to alert on these sequences of requests. [1]

Mitigation Strategies

The immediate mitigation step is to update the User Profile Builder WordPress plugin to version 3.15.2 or later, where the vulnerability is fixed. Until the update can be applied, restrict access to the WordPress login endpoints, implement additional authentication or CAPTCHA on password reset requests, and monitor for suspicious password reset activity to reduce the risk of exploitation. [1]

Compliance Impact

The vulnerability allows unauthenticated attackers to reset passwords of any user, including administrators, leading to unauthorized access to user accounts. This unauthorized access can result in exposure or manipulation of personal and sensitive data, potentially violating data protection requirements under standards like GDPR and HIPAA. Therefore, the vulnerability negatively impacts compliance by undermining access controls and data security obligations. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-15030. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart