High severity8.8NVD Advisory· Published Apr 24, 2025· Updated Apr 15, 2026
CVE-2025-3607
CVE-2025-3607
Description
The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.8. This is due to the plugin not properly validating a user's identity prior to updating a password. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: <=1.0.8
Patches
Vulnerability mechanics
References
4- plugins.trac.wordpress.org/browser/frontend-login-and-registration-blocks/trunk/inc/class-flr-blocks-lost-password.phpnvd
- plugins.trac.wordpress.org/changeset/3325911/nvd
- plugins.trac.wordpress.org/changeset/3325911/nvd
- www.wordfence.com/threat-intel/vulnerabilities/id/b06ce1e4-5cfb-415d-ad09-db194d6b4354nvd
News mentions
0No linked articles in our index yet.