CVE-2025-1717
Published: 27 February 2025
Summary
CVE-2025-1717 is a high-severity Authentication Bypass Using an Alternate Path or Channel (CWE-288) vulnerability in Pluginly Login Me Now. Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 37.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): directly mitigates the authentication bypass by requiring timely patching of the vulnerable Login Me Now plugin to the fixed version.
- RA-5 (Vulnerability Monitoring and Scanning): identifies deployed instances of the vulnerable plugin through vulnerability scanning tailored to CVEs such as CVE-2025-1717.
- Enables identification of systems running the vulnerable WordPress plugin via a comprehensive system component inventory that includes third-party plugins.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Auth bypass in public-facing WordPress plugin directly enables remote exploitation for initial access (T1190) and use of valid accounts (T1078) without credentials.
NVD Description
The Login Me Now plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.7.2. This is due to insecure authentication based on an arbitrary transient name in the 'AutoLogin::listen()' function. This makes it possible for unauthenticated attackers to log in an existing user on the site, even an administrator. Note: this vulnerability requires using a transient name and value from another software, so the plugin is not inherently vulnerable on its own.
Deeper analysis
CVE-2025-1717 is an authentication bypass vulnerability in the Login Me Now plugin for WordPress, affecting versions up to and including 1.7.2. The issue stems from insecure authentication logic in the AutoLogin::listen() function, which relies on an arbitrary transient name. This flaw is classified under CWE-288 (Authentication Bypass Using an Alternate Path or Channel) and CWE-306 (Missing Authentication for Critical Function), earning a CVSS v3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
Unauthenticated attackers can exploit this vulnerability over the network to log in as any existing user on the site, including administrators, by supplying a transient name and value. Exploitation requires obtaining the transient from other software installed on the site, so the plugin is not vulnerable in isolation. The high attack complexity reflects this dependency, but successful compromise grants high-impact confidentiality, integrity, and availability effects.
Wordfence's threat intelligence advisory provides further details on the vulnerability. Mitigation is addressed via a patch in WordPress plugin repository changeset 3247924. The vulnerable code is visible in AutoLogin.php at line 24 of version 1.7.2; security practitioners should update to a fixed version and review sites using this plugin for transient usage from integrated software.
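The weakness class described above, illustrated with an added PHP sketch that is not the plugin's code (the function names, the lmn_token request parameter and the lmn_autologin_ prefix are assumptions): a listener that trusts a caller-named transient, beside a hardened form that derives the transient key itself, binds it to a user, expires it and consumes it on first use.

```php
<?php
// Hypothetical illustration of the weakness class (CWE-288), not the
// plugin's actual code: an auto-login listener that treats a request-
// supplied transient name as proof of identity.

// WEAK PATTERN: whatever transient the caller names, its stored value is
// treated as a user id. Any other software that stores a transient on the
// same site becomes an alternate path into this login.
function weak_autologin_listen(): void {
    if ( empty( $_GET['lmn_token'] ) ) {
        return;
    }
    $user_id = get_transient( sanitize_text_field( $_GET['lmn_token'] ) );
    if ( $user_id ) {
        wp_set_auth_cookie( (int) $user_id ); // logs in whoever the value names
    }
}

// HARDENED PATTERN: the plugin owns the key namespace, stores a keyed hash of
// a random token rather than letting the caller pick a key, binds the entry
// to a user, gives it a short lifetime, and deletes it on first use.
const LMN_PREFIX = 'lmn_autologin_'; // assumed prefix

function issue_autologin_token( int $user_id ): string {
    $token = wp_generate_password( 32, false );                 // random, high entropy
    $key   = LMN_PREFIX . hash_hmac( 'sha256', $token, wp_salt( 'auth' ) );
    set_transient( $key, $user_id, 5 * MINUTE_IN_SECONDS );    // short lived
    return $token;                                              // handed to the user out of band
}

function hardened_autologin_listen(): void {
    if ( empty( $_GET['lmn_token'] ) ) {
        return;
    }
    // Derive the key ourselves: the caller can never address an arbitrary transient.
    $key     = LMN_PREFIX . hash_hmac( 'sha256', (string) $_GET['lmn_token'], wp_salt( 'auth' ) );
    $user_id = get_transient( $key );
    delete_transient( $key );                                   // single use
    if ( ! $user_id || ! get_user_by( 'id', (int) $user_id ) ) {
        return;                                                 // unknown token or stale user
    }
    wp_set_auth_cookie( (int) $user_id, false );
    wp_safe_redirect( admin_url() );
    exit;
}
```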
Details
- CWE(s)