CVE-2025-39565: WordPress MelaPress Login Security plugin <= 2.1.0 - PHP Object Injection Vulnerability

Q: What is the severity of CVE-2025-39565?

CVE-2025-39565 is classified as a critical vulnerability due to its potential for object injection through deserialization of untrusted data.

Q: How do I fix CVE-2025-39565?

To mitigate CVE-2025-39565, update the MelaPress Login Security plugin to a version later than 2.1.0.

Q: Who is affected by CVE-2025-39565?

CVE-2025-39565 affects users of MelaPress Login Security plugin versions up to and including 2.1.0.

Q: What kind of attacks can CVE-2025-39565 enable?

CVE-2025-39565 can lead to remote code execution by allowing attackers to inject malicious objects.

Q: Is there a workaround for CVE-2025-39565?

As a workaround for CVE-2025-39565, it is advised to disable the MelaPress Login Security plugin until an update can be applied.

Published Apr 16, 2025

Updated

Deserialization of Untrusted Data vulnerability in Melapress MelaPress Login Security melapress-login-security allows Object Injection.This issue affects MelaPress Login Security: from n/a through <= 2.1.0.

Affected Software

3 affected components

Melapress MelaPress Login Security<=2.1.0

WordPress MelaPress Login Security<=2.1.0

Melapress Melapress Login Security Wordpress<2.1.1

Remediation

Information

Update the WordPress MelaPress Login Security plugin to the latest available version (at least 2.1.1).

Event History

Apr 16, 2025

CVE Published

via MITRE·12:44 PM

Data Sourced

via MITRE·12:44 PM

DescriptionSeverityWeakness

Data Sourced

via NVD·01:15 PM

DescriptionSeverityWeaknessAffected Software

Frequently Asked Questions

What is the severity of CVE-2025-39565?

CVE-2025-39565 is classified as a critical vulnerability due to its potential for object injection through deserialization of untrusted data.

How do I fix CVE-2025-39565?

To mitigate CVE-2025-39565, update the MelaPress Login Security plugin to a version later than 2.1.0.

Who is affected by CVE-2025-39565?