CVE-2025-3605: CWE-639 Authorization Bypass Through User-Controlled Key in arkenon Login, Registration and Lost Password Blocks
The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.1.1. This is due to the plugin not properly validating a user's identity prior to updating their details like email via the flr_blocks_user_settings_handle_ajax_callback() function. This makes it possible for unauthenticated attackers to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account.
AI Analysis
Technical Summary
The Frontend Login and Registration Blocks plugin for WordPress (arkenon) contains an authorization bypass vulnerability (CWE-639) in the flr_blocks_user_settings_handle_ajax_callback() function. This flaw allows unauthenticated attackers to update arbitrary users' email addresses without proper identity validation. By changing an administrator's email, an attacker can trigger a password reset and gain full access to the account, resulting in privilege escalation. The vulnerability affects all versions up to and including 1.1.1. The CVSS 3.1 base score is 9.8 (Critical), reflecting network attack vector, no privileges required, no user interaction, and high impact on confidentiality, integrity, and availability.
Potential Impact
Successful exploitation enables an unauthenticated attacker to take over any user account, including administrator accounts, by changing the email address and resetting the password. This leads to full compromise of the affected WordPress site, including potential data theft, site defacement, or further malicious activity. The vulnerability poses a critical risk to the confidentiality, integrity, and availability of the system.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, restrict access to the plugin's AJAX endpoints if possible and monitor for suspicious activity related to user email changes and password resets. Avoid using the affected plugin versions and consider disabling the plugin temporarily if feasible.
CVE-2025-3605: CWE-639 Authorization Bypass Through User-Controlled Key in arkenon Login, Registration and Lost Password Blocks
Description
The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.1.1. This is due to the plugin not properly validating a user's identity prior to updating their details like email via the flr_blocks_user_settings_handle_ajax_callback() function. This makes it possible for unauthenticated attackers to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The Frontend Login and Registration Blocks plugin for WordPress (arkenon) contains an authorization bypass vulnerability (CWE-639) in the flr_blocks_user_settings_handle_ajax_callback() function. This flaw allows unauthenticated attackers to update arbitrary users' email addresses without proper identity validation. By changing an administrator's email, an attacker can trigger a password reset and gain full access to the account, resulting in privilege escalation. The vulnerability affects all versions up to and including 1.1.1. The CVSS 3.1 base score is 9.8 (Critical), reflecting network attack vector, no privileges required, no user interaction, and high impact on confidentiality, integrity, and availability.
Potential Impact
Successful exploitation enables an unauthenticated attacker to take over any user account, including administrator accounts, by changing the email address and resetting the password. This leads to full compromise of the affected WordPress site, including potential data theft, site defacement, or further malicious activity. The vulnerability poses a critical risk to the confidentiality, integrity, and availability of the system.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, restrict access to the plugin's AJAX endpoints if possible and monitor for suspicious activity related to user email changes and password resets. Avoid using the affected plugin versions and consider disabling the plugin temporarily if feasible.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Wordfence
- Date Reserved
- 2025-04-14T19:39:49.270Z
- Cisa Enriched
- true
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 682d9817c4522896dcbd7843
Added to database: 5/21/2025, 9:08:39 AM
Last enriched: 4/9/2026, 9:29:15 PM
Last updated: 5/8/2026, 3:36:33 PM
Views: 68
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.