CVE-2025-31380: WordPress Paid Videochat Turnkey Site plugin <= 7.3.11 - Broken Authentication Vulnerability

Q: What is the severity of CVE-2025-31380?

The severity of CVE-2025-31380 is moderate, as it involves a weak password recovery mechanism that can be exploited.

Q: How do I fix CVE-2025-31380?

To fix CVE-2025-31380, update the Videowhisper Paid Videochat Turnkey Site to version 7.3.12 or later.

Q: What versions of Paid Videochat Turnkey Site are affected by CVE-2025-31380?

CVE-2025-31380 affects versions of Paid Videochat Turnkey Site up to and including 7.3.11.

Q: What types of vulnerabilities are associated with CVE-2025-31380?

CVE-2025-31380 is associated with exploitations of password recovery mechanisms, specifically weak authentication vulnerabilities.

Q: Is CVE-2025-31380 applicable to WordPress?

Yes, CVE-2025-31380 is applicable to the WordPress Paid Videochat Turnkey Site plugin.

Published Apr 17, 2025

Updated

Weak Password Recovery Mechanism for Forgotten Password vulnerability in videowhisper Paid Videochat Turnkey Site allows Password Recovery Exploitation. This issue affects Paid Videochat Turnkey Site: from n/a through 7.3.11.

Affected Software

1 affected component

VideoWhisper Paid Videochat Turnkey Site<=7.3.11

Remediation

Information

Update the WordPress Paid Videochat Turnkey Site wordpress plugin to the latest available version (at least 7.3.12).

Event History

Apr 17, 2025

CVE Published

via MITRE·03:47 PM

Data Sourced

via MITRE·03:47 PM

DescriptionSeverityWeakness

Data Sourced

via NVD·04:15 PM

DescriptionSeverityWeakness

Frequently Asked Questions

What is the severity of CVE-2025-31380?

The severity of CVE-2025-31380 is moderate, as it involves a weak password recovery mechanism that can be exploited.

How do I fix CVE-2025-31380?

To fix CVE-2025-31380, update the Videowhisper Paid Videochat Turnkey Site to version 7.3.12 or later.

What versions of Paid Videochat Turnkey Site are affected by CVE-2025-31380?

CVE-2025-31380 affects versions of Paid Videochat Turnkey Site up to and including 7.3.11.

What types of vulnerabilities are associated with CVE-2025-31380?

CVE-2025-31380 is associated with exploitations of password recovery mechanisms, specifically weak authentication vulnerabilities.

Is CVE-2025-31380 applicable to WordPress?

Yes, CVE-2025-31380 is applicable to the WordPress Paid Videochat Turnkey Site plugin.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

CVE-2025-31380: WordPress Paid Videochat Turnkey Site plugin <= 7.3.11 - Broken Authentication Vulnerability

Affected Software

Remediation

Information

Event History

Don't miss critical vulnerabilities

Frequently Asked Questions

What is the severity of CVE-2025-31380?

How do I fix CVE-2025-31380?

What versions of Paid Videochat Turnkey Site are affected by CVE-2025-31380?

What types of vulnerabilities are associated with CVE-2025-31380?

Is CVE-2025-31380 applicable to WordPress?

Company

Resources

Contact