WordPress Plugin Vulnerabilities

PSW Front-end Login & Registration <= 1.12 - Authentication Bypass

Description

The plugin is vulnerable to Authentication Bypass due to the plugin not properly validating a user's identity prior to logging them in. This makes it possible for unauthenticated attackers to authenticate as other users, including administrators, without a valid password.

Affects Plugins

Plugin icon
psw-login-and-registration
No known fix

References

CVE
CVE-2025-47646
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/d84b94b3-b4ef-400c-8d4c-6b52d839c239

Classification

Type
AUTHBYPASS
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-287
CVSS
9.8 (critical)

Miscellaneous

Original Researcher
LVT-tholv2k
Verified
No
WPVDB ID
1264a497-4ee7-4ff5-8ec7-a96d6e485d15

Timeline

Publicly Published
2025-05-08 (about 1 year ago)
Added
2025-05-13 (about 1 year ago)
Last Updated
2025-05-23 (about 1 year ago)

Other

Published
Title
Published
2025-10-31
Title
Mstoreapp Mobile (App <= 2.08, Multivendor <= 9.0.1) - Unauthenticated Privilege Escalation
Published
2023-07-18
Title
OAuth Single Sign On – SSO (OAuth Client) < 6.23.4 - Improper Authentication
Published
2015-08-28
Title
Job Manager <= 0.7.25 - Insecure Direct Object Reference (IDOR)
Published
2026-05-28
Title
OTP Login With Phone Number, OTP Verification < 1.8.61 - Unauthenticated Authentication Bypass via Firebase OTP Verification
Published
2024-07-10
Title
profile-builder < 3.11.9 - Unauthenticated Privilege Escalation