Password Policy Manager < 2.0.5 – Authenticated (Subscriber+) Privilege Escalation via Account Takeover | CVE 2025-31019 | Plugin Vulnerabilities

Description

The Password Policy Manager | Password Manager plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.0.4. This is due to the plugin not properly validating a user's identity prior to updating their details like password through the moppm_submit_new_pass() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.

Affects Plugins

password-policy-manager

Fixed in 2.0.5

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/adeb4e0b-13fe-4f80-9b24-62bf2a057ead

Classification

Type

IDOR

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

Rafie Muhammad

Verified

No

WPVDB ID

eb8c9c5b-1ffb-4b28-8f60-84eb9b29be02

Timeline

Publicly Published

2025-06-05 (about 11 months ago)

Added

2025-06-10 (about 11 months ago)

Last Updated

2025-06-10 (about 11 months ago)

Other

Published

Title

Published

2026-04-20

Title

EventPrime – Events Calendar, Bookings and Tickets < 4.3.0.1 - Authenticated (Subscriber+) Insecure Direct Object Reference

Published

2025-01-02

Title

WP Job Portal – A Complete Recruitment System for Company or Job Board website < 2.2.5 - Authenticated (Subscriber+) Insecure Direct Object Reference

Published

2025-07-08

Title

Support Board < 3.8.1 - Unauthenticated Authorization Bypass due to Use of Default Secret Key

Published

2026-05-04

Title

Forminator < 1.52.1 - Unauthenticated Missing Authorization to Payment Bypass

Published

2026-01-06

Title

ACF to REST API <= 3.3.4 - Insecure Direct Object Reference to Authenticated (Contributor+) ACF Field/Option Modification