Unrated severityNVD Advisory· Published Apr 8, 2025· Updated Apr 8, 2025
MelaPress Login Security and MelaPress Login Security Premium 2.1.0 - Missing Authorization to Unauthenticated Arbitrary User Deletion
CVE-2025-2876
Description
The MelaPress Login Security and MelaPress Login Security Premium plugins for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'monitor_admin_actions' function in version 2.1.0. This makes it possible for unauthenticated attackers to delete any user.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4=2.1.0+ 2 more
- (no CPE)range: =2.1.0
- (no CPE)range: 2.1.0
- (no CPE)range: 2.1.0
Patches
Vulnerability mechanics
References
4- melapress.com/wordpress-login-security/releases/mitre
- plugins.trac.wordpress.org/browser/melapress-login-security/trunk/app/modules/temporary-logins/class-temporary-logins.phpmitre
- plugins.trac.wordpress.org/changeset/3267748/mitre
- www.wordfence.com/threat-intel/vulnerabilities/id/559cbc69-85b6-4bad-9bb2-26d64195ba7emitre
News mentions
0No linked articles in our index yet.