Vulnerabilities and security researches forpsw-login-and-registration psw-login-and-registration

Jun 15, 2025

CVE, Research URL: CVE-2025-4607
Home page URL: Security reports for PSW – Login and registration
Application: PSW – Login and registration
Date: May 31, 2025
Research Description: The PSW Front-end Login & Registration plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.12 via the customer_registration() function. This is due to the use of a weak, low-entropy OTP mechanism in the forget() function. This makes it possible for unauthenticated attackers to initiate a password reset for any user, including administrators, and elevate their privileges for full site takeover.
Affected versions: max 1.12.
Status: vulnerable

May 14, 2025

CVE, Research URL: CVE-2025-47646
Home page URL: Security reports for PSW – Login and registration
Application: PSW – Login and registration
Date: May 23, 2025
Research Description: Weak Password Recovery Mechanism for Forgotten Password vulnerability in Gilblas Ngunte Possi PSW Front-end Login & Registration allows Password Recovery Exploitation. This issue affects PSW Front-end Login & Registration: from n/a through 1.13.
Affected versions: max 1.12.
Status: vulnerable