CVE-2025-7444
LoginPress Pro <= 5.0.1 - Authentication Bypass via WordPress.com OAuth providerThe LoginPress Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.0.1. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token.
We have discovered 52 live websites that are affected by CVE-2025-7444.
Affected Software
| Product |  LoginPress Pro |
| Category | Wordpress Plugins |
| Vulnerable Domains | 52 live websites (100% of LoginPress Pro install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 0 versions ( less than 0.1% of all versions) |
Common Weakness Enumeration
CWE-288 Authentication Bypass Using an Alternate Path or ChannelDetails
- Published - Jul 18, 2025
- Updated - Jul 18, 2025
Credits
- Friderika Baranyai (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2025-7444 United States | 19 websites |
 Cyprus | 5 websites |
 GB | 5 websites |
 Germany | 3 websites |
 Iran | 3 websites |
 Canada | 2 websites |
 Colombia | 2 websites |
 Russia | 2 websites |
 Denmark | 1 websites |
 Greece | 1 websites |
Website Distribution by TLD
Number of websites using CVE-2025-7444| .com | 22 websites |
| .org | 5 websites |
| .co.uk | 3 websites |
| .de | 2 websites |
| .eu | 2 websites |
| .ru | 2 websites |
| .ca | 1 websites |
| .co | 1 websites |
| .net | 1 websites |
Websites affected by CVE-2025-7444
Top websites that are affected by CVE-2025-7444. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *********.com | United States | *,*** | |
| *************.com | United States | ***,*** | |
| *******************.org | United States | *,***,*** | |
| **********.com | United States | *,***,*** | |
| ***********.com | United States | *,***,*** | |
| *************.com | Canada | *,***,*** | |
| ***********.com | United States | *,***,*** | |
| ******.ir | Iran | *,***,*** | |
| ******.com | Iran | *,***,*** | |
| ******************.ro |  Romania | **,***,*** |
FAQ
CVE-2025-7444 is Authentication Bypass Using an Alternate Path or Channel in LoginPress Pro
A total of 52 websites have been identified as vulnerable to CVE-2025-7444, based on global website indexing conducted by WebTechSurvey.
The LoginPress Pro is affected by the CVE-2025-7444 vulnerability.
LoginPress Pro versions up to and including 5.0.1 are vulnerable to CVE-2025-7444.