CVE-2025-3607
Frontend Login and Registration Blocks <= 1.0.7 - Authenticated (Subscriber+) Privilege Escalation via Password ResetThe Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.7. This is due to the plugin not properly validating a user's identity prior to updating a password. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.
We have discovered 2 live websites that are affected by CVE-2025-3607.
Affected Software
| Product |  Frontend Login And Registration Blocks |
| Category | Wordpress Plugins |
| Vulnerable Domains | 2 live websites (100% of Frontend Login And Registration Blocks install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 1 versions ( 100% of all versions) |
Common Weakness Enumeration
CWE-620 Unverified Password ChangeDetails
- Published - Apr 24, 2025
- Updated - Apr 24, 2025
Credits
- Kenneth Dunn (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2025-3607 United States | 1 websites |
 Germany | 1 websites |
Website Distribution by TLD
Number of websites using CVE-2025-3607| .de | 1 websites |
| .org | 1 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2025-3607
Top websites that are affected by CVE-2025-3607. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ****.org | United States | **,***,*** | |
| ****.de | Germany | **,***,*** |
FAQ
CVE-2025-3607 is Unverified Password Change in Frontend Login And Registration Blocks
A total of 2 websites have been identified as vulnerable to CVE-2025-3607, based on global website indexing conducted by WebTechSurvey.
The Frontend Login And Registration Blocks is affected by the CVE-2025-3607 vulnerability.
Frontend Login And Registration Blocks versions up to and including 1.0.7 are vulnerable to CVE-2025-3607.