CVE-2025-15030

CRITICAL

Exploit for CVE-2025-15030

Details

CVSS v3: 9.8
NVD published: 2026-02-02 07:16:04
EPSS: <0.1% probability · 5.9th percentile — 2026-04-17
Affected versions: Not available in our cache.
Summary: The User Profile Builder WordPress plugin before 3.15.2 does not have a proper password reset process, allowing a few unauthenticated requests to reset the password of any user by knowing their username, such as administrator ones, and therefore gain access to their account
Remediation: Not available in our cache.
Exploit info: Not available in our cache.

TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.

Subscribe — free email digest or paid plan

Information is aggregated from multiple authoritative sources for convenience; verify with NVD and vendors before operational decisions.