{"id":37775,"date":"2025-05-13T13:31:24","date_gmt":"2025-05-13T13:31:24","guid":{"rendered":""},"modified":"2025-09-11T00:30:51","modified_gmt":"2025-09-11T06:30:51","slug":"cve-2025-3844-critical-authentication-bypass-vulnerability-in-peprodev-ultimate-profile-solutions-plugin-for-wordpress","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-3844-critical-authentication-bypass-vulnerability-in-peprodev-ultimate-profile-solutions-plugin-for-wordpress\/","title":{"rendered":"CVE-2025-3844: Critical Authentication Bypass Vulnerability in PeproDev Ultimate Profile Solutions Plugin for WordPress<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

A critical vulnerability, tracked as CVE-2025-3844, has been identified in the PeproDev Ultimate Profile Solutions plugin for WordPress. This vulnerability pertains to a weakness in the authentication process, specifically the change_user_meta functionality, that could allow an unauthenticated attacker to bypass the login process and gain unauthorized access to user accounts, including those of administrators. This could potentially lead to system<\/a> compromise or data leakage, posing a significant risk to the privacy and security of website users.
\nWith a CVSS severity score of 9.8, this vulnerability is deemed to be of critical<\/a> severity and should be addressed immediately. The widespread usage of WordPress and the affected plugin<\/a> underscores the urgent need for mitigation actions.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-3844
\nSeverity: Critical (CVSS: 9.8)
\nAttack Vector: Network
\nPrivileges Required: None
\nUser Interaction: None
\nImpact: System compromise<\/a>, data leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n A new way to communicate\r\n <\/h2>\r\n\r\n

\r\n Ameeba Chat is built on encrypted identity, not personal profiles.\r\n <\/p>\r\n\r\n

\r\n Message, call, share files, and coordinate with identities kept separate.\r\n <\/p>\r\n\r\n