CVE-2025-15030

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

02/02/2026

Last modified:

02/02/2026

Description

The User Profile Builder WordPress plugin before 3.15.2 does not have a proper password reset process, allowing a few unauthenticated requests to reset the password of any user by knowing their username, such as administrator ones, and therefore gain access to their account

Impact

References to Advisories, Solutions, and Tools

https://wpscan.com/vulnerability/344cb1b1-342e-44b2-ae4a-3bb31be56b22/