CVE-2025-2876 identifies a missing authorization vulnerability (CWE-862) in the MelaPress Login Security and MelaPress Login Security Premium WordPress plugins, specifically version 2.1.0. The flaw exists in the 'monitor_admin_actions' function, which lacks proper capability checks to verify if a user is authorized to perform certain administrative actions. This omission allows unauthenticated attackers to invoke this function remotely and delete any user account on the WordPress site. The vulnerability impacts the integrity of the system by permitting unauthorized modification of user data but does not affect confidentiality or availability directly. The CVSS 3.1 base score is 5.3 (medium), reflecting the ease of exploitation (no privileges or user interaction required) but limited impact scope (integrity only). No patches or known exploits are currently available, indicating the vulnerability is newly disclosed. The affected plugin is used to enhance login security on WordPress sites, which are widely deployed globally, making this a relevant threat to many organizations relying on WordPress for their web presence. The vulnerability could be exploited to remove administrative or other user accounts, potentially disrupting site management and access control.

The primary impact of this vulnerability is unauthorized integrity loss through deletion of user accounts, which can disrupt site administration and user access. Organizations may face operational challenges if administrative accounts are deleted, potentially leading to lockout scenarios or the need for recovery procedures. While confidentiality and availability are not directly compromised, the ability to delete users could be leveraged as part of a broader attack chain to weaken site defenses or facilitate further exploitation. The vulnerability's ease of exploitation without authentication increases risk, especially for high-profile or high-traffic WordPress sites using the affected plugin. This could affect e-commerce platforms, content management systems, and other business-critical web applications, leading to reputational damage and operational downtime. The absence of known exploits suggests limited current active exploitation, but the vulnerability remains a significant risk until patched.

1. Monitor the vendor's official channels for a security patch and apply updates to MelaPress Login Security Premium immediately upon release. 2. Until a patch is available, implement manual authorization checks by modifying the plugin code to verify user capabilities before executing 'monitor_admin_actions'. 3. Restrict access to the WordPress admin interface and plugin endpoints using web application firewalls (WAFs) or IP whitelisting to limit exposure to unauthenticated requests. 4. Employ intrusion detection systems to monitor for suspicious requests targeting the vulnerable function. 5. Regularly back up user data and site configurations to enable rapid recovery if user accounts are deleted. 6. Conduct security audits of installed plugins to identify and remediate similar missing authorization issues. 7. Educate site administrators about the vulnerability and encourage vigilance for unusual user deletions or access anomalies.