CVE-2025-2876: MelaPress Login Security and MelaPress Login Security Premium 2.1.0 - Missing Authorization to Unauthenticated Arbitrary User Deletion

Q: What is the severity of CVE-2025-2876?

CVE-2025-2876 is considered a high severity vulnerability due to the potential for unauthorized data loss.

Q: How do I fix CVE-2025-2876?

To fix CVE-2025-2876, update the MelaPress Login Security and MelaPress Login Security Premium plugins to the latest version.

Q: Who is affected by CVE-2025-2876?

CVE-2025-2876 affects users of the MelaPress Login Security and MelaPress Login Security Premium plugins for WordPress.

Q: What kind of attack does CVE-2025-2876 enable?

CVE-2025-2876 enables unauthenticated attackers to delete data due to a missing capability check.

Q: When was CVE-2025-2876 discovered?

CVE-2025-2876 was identified in version 2.1.0 of the affected plugins.

Published Apr 8, 2025

Updated

The MelaPress Login Security and MelaPress Login Security Premium plugins for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'monitor_admin_actions' function in version 2.1.0. This makes it possible for unauthenticated attackers to delete any user.

Affected Software

4 affected components

Melapress Login Security

Melapress Login Security Premium

Melapress Melapress Login Security Wordpress<2.1.1

Remediation

Patch Available

https://plugins.trac.wordpress.org/changeset/3267748/

Event History

Apr 8, 2025

CVE Published

via MITRE·11:11 AM

Data Sourced

via MITRE·11:11 AM

DescriptionSeverityWeakness

Data Sourced

via NVD·12:15 PM

RemedyDescriptionSeverityWeaknessAffected Software

Frequently Asked Questions

What is the severity of CVE-2025-2876?

CVE-2025-2876 is considered a high severity vulnerability due to the potential for unauthorized data loss.

How do I fix CVE-2025-2876?

To fix CVE-2025-2876, update the MelaPress Login Security and MelaPress Login Security Premium plugins to the latest version.

Who is affected by CVE-2025-2876?

CVE-2025-2876 affects users of the MelaPress Login Security and MelaPress Login Security Premium plugins for WordPress.

What kind of attack does CVE-2025-2876 enable?

CVE-2025-2876 enables unauthenticated attackers to delete data due to a missing capability check.

When was CVE-2025-2876 discovered?

CVE-2025-2876 was identified in version 2.1.0 of the affected plugins.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

CVE-2025-2876: MelaPress Login Security and MelaPress Login Security Premium 2.1.0 - Missing Authorization to Unauthenticated Arbitrary User Deletion

Affected Software

Remediation

Patch Available

Event History

Don't miss critical vulnerabilities

Frequently Asked Questions

What is the severity of CVE-2025-2876?

How do I fix CVE-2025-2876?

Who is affected by CVE-2025-2876?

What kind of attack does CVE-2025-2876 enable?

When was CVE-2025-2876 discovered?

Company

Resources

Contact