VYPR

Peprodev Ups

by WordPress

Source repositories

CVEs (2)

  • CVE-2025-3921HigMay 7, 2025
    risk 0.53cvss 8.2epss 0.00

    The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handel_ajax_req() function in versions 1.9.1 to 7.5.2. This makes it possible for unauthenticated attackers to update…

  • CVE-2025-3924MedMay 7, 2025
    risk 0.34cvss 5.3epss 0.00

    The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to unauthorized access of data via its publicly exposed reset-password endpoint. The plugin looks up the 'valid_email' value based solely on a supplied username parameter, without verifying that the…