MelaPress Login Security, CVE-2025-2876

CVE, Research URL: CVE-2025-2876
Home page URL: Security reports for MelaPress Login Security
Application: MelaPress Login Security
Published on: Apr 08, 2025
Research Description: The MelaPress Login Security and MelaPress Login Security Premium plugins for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'monitor_admin_actions' function in version 2.1.0. This makes it possible for unauthenticated attackers to delete any user.
Affected versions: max 2.1.1.
Status: vulnerable