CVE-2025-1717

Severity: High
Published: 27 February 2025
Modified: 08 April 2026
KEV Added: not listed
CVSS v3.1 score: 8.1 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS score: 0.0017 (37.9th percentile)
Risk Priority: 16 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-1717 is a high-severity authentication bypass using an alternate path or channel (CWE-288) in the Login Me Now WordPress plugin by Pluginly. Its CVSS v3.1 base score is 8.1 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). Its EPSS score places it at the 37.9th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-1717 is an authentication bypass in the Login Me Now plugin for WordPress, affecting versions up to and including 1.7.2. The issue stems from insecure authentication logic in the AutoLogin::listen() function, which reads a transient whose name is supplied by the caller rather than one the plugin itself issued. The flaw is classified under CWE-288 (Authentication Bypass Using an Alternate Path or Channel) and CWE-306 (Missing Authentication for Critical Function) and carries a CVSS v3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

Unauthenticated attackers can exploit this over the network to log in as any existing user on the site, including an administrator, by supplying a transient name and value. The transient must have been set by other software installed on the same site, so the plugin is not exploitable in isolation; that dependency is what the High attack complexity (AC:H) reflects. A successful bypass nevertheless yields full confidentiality, integrity and availability impact (C:H/I:H/A:H), because the attacker ends up with a session for the targeted account.

Wordfence's threat intelligence advisory provides further details on the vulnerability. The fix was published as WordPress plugin repository changeset 3247924; the vulnerable code is visible in AutoLogin.php at line 24 of version 1.7.2. Practitioners should update to a release that includes that changeset and, on sites running this plugin, review which other installed plugins and themes store values in transients, since those are what an attacker would need to supply.
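To make the bug class concrete, the following is an added illustration written for this page. It is not Login Me Now's code and does not reproduce changeset 3247924 or the Wordfence advisory: it shows a hypothetical listen() that treats a request-supplied transient name and value as a login credential, beside a hardened autologin flow in which the server alone derives the transient key. The class names, query parameters (transient, value, lmn_token), the transient prefix and the hook are all assumptions.

```php
<?php
// Added illustration of the bug class described above. Not the plugin's code;
// class names, query parameters, hook and transient names are hypothetical.

// --- Vulnerable pattern: the caller names the transient ----------------------
// The request chooses which transient is read. Any transient on the site whose
// value is a user ID (written by any other plugin or theme) therefore works as a
// login token, which is why exploitation needs a name/value pair from other
// software. Nothing binds the transient to an autologin request, and it is not
// consumed on use, so it can be replayed until it expires.
class AutoLoginVulnerable {
    public static function listen() {
        if ( empty( $_GET['transient'] ) || ! isset( $_GET['value'] ) ) { // hypothetical params
            return;
        }
        $name   = sanitize_key( wp_unslash( $_GET['transient'] ) );
        $value  = sanitize_text_field( wp_unslash( $_GET['value'] ) );
        $stored = get_transient( $name );            // attacker-chosen key
        if ( false !== $stored && (string) $stored === $value ) {
            wp_set_auth_cookie( absint( $stored ) ); // logs in whatever user ID the transient holds
            wp_safe_redirect( admin_url() );
            exit;
        }
    }
}

// --- Hardened pattern: the server names the transient ------------------------
class AutoLoginHardened {
    const PREFIX = 'lmn_autologin_';       // fixed namespace, never taken from the request
    const TTL    = 5 * MINUTE_IN_SECONDS;  // short lifetime for the one-time link

    // Issue a one-time login URL for $user_id. Only a hash of the random token is
    // stored, so reading wp_options (or the object cache) does not yield a link.
    public static function issue( $user_id ) {
        $token = bin2hex( random_bytes( 32 ) );
        set_transient( self::PREFIX . hash( 'sha256', $token ), (int) $user_id, self::TTL );
        return add_query_arg( 'lmn_token', $token, home_url( '/' ) );
    }

    public static function listen() {
        if ( empty( $_GET['lmn_token'] ) || ! is_string( $_GET['lmn_token'] ) ) {
            return;
        }
        $token = wp_unslash( $_GET['lmn_token'] );
        if ( ! preg_match( '/^[0-9a-f]{64}$/', $token ) ) { // only our own token shape
            return;
        }
        // The key is derived server-side from the token under a fixed prefix, so a
        // request can never name a transient that other software wrote.
        $key     = self::PREFIX . hash( 'sha256', $token );
        $user_id = get_transient( $key );
        delete_transient( $key );                    // single use, whatever happens next
        if ( false === $user_id ) {
            return;
        }
        $user = get_user_by( 'id', (int) $user_id ); // the referenced account must still exist
        if ( ! $user ) {
            return;
        }
        wp_set_auth_cookie( $user->ID );
        do_action( 'wp_login', $user->user_login, $user ); // run the normal login hooks (audit log, 2FA plugins)
        wp_safe_redirect( admin_url() );
        exit;
    }
}

add_action( 'init', array( 'AutoLoginHardened', 'listen' ) );
```

The order in the hardened listen() is deliberate: the transient is deleted before the user lookup, so a token is spent even when the login path aborts, and the regex check rejects anything that is not a token this code issued before the database is touched. Binding the token to the issuing admin session or to an IP range, and rate-limiting the endpoint, would be further steps beyond what this illustration shows.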


Vulnerability details

The Login Me Now plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.7.2. This is due to insecure authentication based on an arbitrary transient name in the 'AutoLogin::listen()' function. This makes it possible for unauthenticated attackers to log in an existing user on the site, even an administrator. Note: this vulnerability requires using a transient name and value from another software, so the plugin is not inherently vulnerable on its own.

CWE(s)

CWE-288 Authentication Bypass Using an Alternate Path or Channel
CWE-306 Missing Authentication for Critical Function

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1078 Valid Accounts Initial Access, Persistence, Privilege Escalation, Defense Evasion
Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.
Why these techniques?

An authentication bypass in a public-facing WordPress plugin is remotely exploitable for initial access (T1190), and what the attacker ends up with is a session for an existing account (T1078) obtained without that account's credentials.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-12857 (shared CWE-288, CWE-306)
CVE-2025-9254 (shared CWE-306)
CVE-2025-6895 (shared CWE-288)
CVE-2025-23504 (shared CWE-288)
CVE-2026-27389 (shared CWE-288)
CVE-2025-26966 (shared CWE-288)
CVE-2025-0159 (shared CWE-288, CWE-306)
CVE-2026-25357 (shared CWE-288)
CVE-2025-1061 (shared CWE-288)
CVE-2026-29139 (shared CWE-288)

Affected Assets

Pluginly Login Me Now, versions ≤ 1.7.2

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent): directly mitigates the authentication bypass by requiring timely patching of the vulnerable Login Me Now plugin to the fixed version.

RA-5 Vulnerability Monitoring and Scanning (detect): identifies deployed instances of the vulnerable plugin through vulnerability scanning tailored to CVEs like CVE-2025-1717.

CM-8 System Component Inventory (detect): enables identification of systems using the vulnerable WordPress plugin via a comprehensive system component inventory that includes third-party plugins.
