CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2025-47646

CVSS 9.8v3.1pub. 2025-05-23upd. 2026-04-29

Weak Password Recovery Mechanism for Forgotten Password vulnerability in Gilblas Ngunte Possi PSW Front-end Login & Registration psw-login-and-registration allows Password Recovery Exploitation.This issue affects PSW Front-end Login & Registration: from n/a through <= 1.13.

🤖 AI Analysis
How it works

The password recovery mechanism in the plugin is vulnerable to exploitation due to improper implementation (CWE-640 — Weak Password Recovery Mechanism for Forgotten Password). An attacker, without authentication and without any interaction on the victim's side, can remotely abuse the password reset process. This flaw allows bypassing standard security measures and taking control of the victim's account.

Impact

An attacker can take over the account of any WordPress website user, including administrative accounts, giving full access to the service's resources, data and functionality (high confidentiality, integrity and availability).

Mitigation & patch

Update the PSW Front-end Login & Registration plugin to a version higher than 1.13. If an update is not available, it is recommended to immediately disable the plugin. Patch details are available in the Patchstack database and from the plugin vendor.

Who is affected

WordPress plugin PSW Front-end Login & Registration by Gilblas Ngunte Possi, versions from n/a to 1.13 inclusive.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References