Security Advisory

CVE-2025-6895

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-07-26 04:25:24

Last updated 2025-07-28 18:33:26

Assigner Wordfence

State PUBLISHED

Description

The Melapress Login Security plugin for WordPress is vulnerable to Authentication Bypass due to missing authorization within the get_valid_user_based_on_token() function in versions 2.1.0 to 2.1.1. This makes it possible for unauthenticated attackers who know an arbitrary user meta value to bypass authentication checks and log in as that user.

← Browse all CVEs View on cve.org ↗