Critical severity9.8NVD Advisory· Published Jul 26, 2025· Updated Apr 15, 2026
CVE-2025-6895
CVE-2025-6895
Description
The Melapress Login Security plugin for WordPress is vulnerable to Authentication Bypass due to missing authorization within the get_valid_user_based_on_token() function in versions 2.1.0 to 2.1.1. This makes it possible for unauthenticated attackers who know an arbitrary user meta value to bypass authentication checks and log in as that user.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: >=2.1.0, <=2.1.1
Patches
Vulnerability mechanics
References
5- plugins.trac.wordpress.org/browser/melapress-login-security/tags/2.1.1/app/class-melapress-login-security.phpnvd
- plugins.trac.wordpress.org/browser/melapress-login-security/tags/2.1.1/app/modules/temporary-logins/class-temporary-logins.phpnvd
- plugins.trac.wordpress.org/changeset/3328137nvd
- wordpress.org/plugins/melapress-login-security/nvd
- www.wordfence.com/threat-intel/vulnerabilities/id/6f65d5c4-6f53-4836-9130-c9f4ed3be893nvd
News mentions
0No linked articles in our index yet.