CVE-2025-31019: WordPress Password Policy Manager plugin <= 2.0.4 - Account Takeover vulnerability
Published Jun 9, 2025
Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Password Policy Manager (password-policy-manager) allows Authentication Abuse. This issue affects Password Policy Manager: from n/a through <= 2.0.4.
Affected Software
1 affected component
miniOrange Password Policy Manager <= 2.0.4
Remediation
Update to 2.0.5 or a higher version.
Event History
Jun 9, 2025
CVE Published via MITRE, 03:56 PM
Data Sourced via MITRE, 03:56 PM: Description, Weakness
Data Sourced via NVD, 04:15 PM: Description, Severity, Weakness
Frequently Asked Questions
1. What is the severity of CVE-2025-31019?
CVE-2025-31019 is classified as a high-severity vulnerability allowing authentication bypass.
2. How do I fix CVE-2025-31019?
To mitigate CVE-2025-31019, update the miniOrange Password Policy Manager to version 2.0.5 or later.
3. What type of vulnerability is CVE-2025-31019?
CVE-2025-31019 is an authentication bypass vulnerability affecting the miniOrange Password Policy Manager.
4. Which versions are affected by CVE-2025-31019?
CVE-2025-31019 impacts miniOrange Password Policy Manager versions up to and including 2.0.4.
5. What can attackers do with CVE-2025-31019?
Attackers can exploit CVE-2025-31019 to gain unauthorized access to user accounts by bypassing authentication mechanisms.