What the vulnerability does
01Description
The PSW Front-end Login & Registration plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.12 via the customer_registration() function. This is due to the use of a weak, low-entropy OTP mechanism in the forget() function. This makes it possible for unauthenticated attackers to initiate a password reset for any user, including administrators, and elevate their privileges for full site takeover.
Explanation of Vulnerability in Simple Terms
02Summary
PSW Front-end Login & Registration versions 1.12 and earlier contain a use of insufficiently random values (CWE-330) that allows attackers to compromise user accounts and site data. The vulnerability requires no authentication or user interaction and can be exploited over the network. An attacker can read sensitive information, modify site content, or disrupt service availability.
What an attacker can do
03Attacker Capabilities
Read user data, modify site content, or disrupt the site without needing to log in.
Potential impact on your site
04Site Impact
User accounts and site data are at risk; attackers can access or modify content without credentials.
Conditions required to exploit
05Prerequisites
Network access only; no authentication or user interaction required.
Key dates
06Disclosure timeline
May 31, 2025
CVE published
April 8, 2026
Record updated