CVE-2025-47646 Scanner
CVE-2025-47646 Scanner - Missing Authorization vulnerability in PSW Front-end Login & Registration
Short Info
Level
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 seconds
Time Interval
11 days 21 hours
Scan only one
Domain, Subdomain, IPv4
Toolbox
-
The PSW Front-end Login & Registration plugin is commonly used on WordPress sites to allow users to register and log in via front-end forms. It is widely adopted due to its easy integration into WordPress environments, simplifying user access management for administrators. Installed by website owners aiming to enhance user experience, this plugin facilitates a streamlined login and registration process. Many businesses and personal sites utilize this plugin to boost their site’s interactivity and user engagement. As a WordPress plugin, it also allows for customization through WordPress themes and additional plugins, making it versatile for a range of website types. The plugin's ability to handle user credentials makes it a crucial tool for sites requiring visitor authentication.
Missing Authorization vulnerabilities occur when applications fail to restrict user access to certain areas or actions within the system. This specific vulnerability affects the PSW Front-end Login & Registration plugin, which lacks proper authorization checks during the password recovery process. Unauthenticated attackers can exploit this flaw, potentially gaining unauthorized access to user accounts. This issue arises from the plugin not verifying user credentials adequately, allowing attackers to bypass account security measures. Such vulnerabilities are critical as they can result in unauthorized data access or privilege escalation. Addressing these vulnerabilities often involves tightening account recovery workflows and implementing robust authentication checks.
The vulnerability details indicate a flaw in the password recovery mechanism of the PSW Front-end Login & Registration plugin. Through crafted requests to the endpoint responsible for password recovery, attackers can manipulate form inputs. Specifically, the endpoint `/wp-admin/admin-ajax.php` processes requests without confirming the legitimacy of the requester. The use of predictable request tokens and insufficient validation checks allow attackers to abuse this process, creating a vector for unauthorized account access. The plugin improperly handles authentication tokens, failing to enforce access controls. Exploitation involves manipulating the process to retrieve activation links, leading to a potential security breach.
Exploiting this vulnerability could allow unauthorized users to access sensitive user accounts on WordPress sites. Affected systems risk data breaches, unauthorized data manipulation, and potential site defacement. Additionally, exploitation may lead to further network compromises, as attackers could pivot from compromised accounts to elevate privileges or gain further unauthorized access. Such vulnerabilities commonly attract automated attacks, opening a path for mass exploitation across numerous platforms. Moreover, user trust in the affected site could diminish substantially, leading to reputational damage.
REFERENCES
- https://github.com/RootHarpy/CVE-2025-47646
- https://github.com/Nxploited/CVE-2025-47646
- https://patchstack.com/database/wordpress/plugin/psw-login-and-registration/vulnerability/wordpress-psw-front-end-login-registration-1-12-broken-authentication-vulnerability?_s_id=cve
- https://github.com/PuddinCat/GithubRepoSpider
- https://github.com/nomi-sec/PoC-in-GitHub