Cyber Posture

CVE-2025-7444

Critical

Published: 18 July 2025

Modified: 15 April 2026
KEV Added: not listed
Patch
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0048 (65.0th percentile)
Risk Priority: 20 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-7444 is a critical-severity Authentication Bypass Using an Alternate Path or Channel (CWE-288) vulnerability in Loginpress (inferred from references). Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 35.0% of CVEs by exploit likelihood (EPSS) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-13 (Identity Providers and Authorization Servers).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and one other technique, Valid Accounts (T1078). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

prevent: Directly mitigates the CVE by requiring identification, reporting, and timely remediation of flaws in the LoginPress Pro plugin.

prevent (IA-13 Identity Providers and Authorization Servers): Ensures proper selection, configuration, and verification of identity providers for social login tokens, preventing bypasses caused by insufficient user verification.

prevent (AC-3 Access Enforcement): Enforces approved access authorizations to block unauthenticated attackers from logging in as existing users via flawed social token handling.

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1078 Valid Accounts (Stealth): Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.
Why these techniques?

An authentication bypass in a public-facing WordPress plugin can be exploited directly over the network (T1190), and the result is a session as an existing, legitimate account (T1078).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

The LoginPress Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.0.1. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token.

Deeper analysis

CVE-2025-7444 is an authentication bypass vulnerability affecting the LoginPress Pro plugin for WordPress in all versions up to and including 5.0.1. The issue stems from insufficient verification of the user returned by a social login token, assigned CWE-288. It has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity with network accessibility, low complexity, no privileges or user interaction required, and high impact on confidentiality, integrity, and availability.

Unauthenticated attackers can exploit this vulnerability to log in as any existing user on the site, including administrators, provided they have access to the target's email address and the target user lacks an existing account with the social login service providing the token. This allows full compromise of user sessions and site control without credentials.

Advisories from Wordfence and the LoginPress changelog detail mitigation steps and patches addressing the vulnerability. Security practitioners should review these sources for update instructions and apply fixes promptly to vulnerable installations.
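The defect class described above (the local user is chosen solely from the e-mail address carried in a social-login token) is easiest to see next to the decision a hardened callback should make. The following Python model is an added illustration written for this page, not code from the LoginPress Pro plugin or from Wordfence; the user directory, the provider name "oauthcorp", the token fields and the linking step are all assumptions. The hardened path creates a session only for a provider identity that was previously linked through an authenticated step, and treats an e-mail match as at most the start of a linking flow.

```python
"""Account-linking decision in a social-login callback, modelled in Python.

Hypothetical illustration written for this page, not code from the LoginPress
Pro plugin. It contrasts the CWE-288 pattern the NVD description names (the
local user is chosen solely from the e-mail address carried in the provider's
token) with a hardened decision that only trusts a previously established
link between the provider's subject id and a local account.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple


@dataclass
class LocalUser:
    user_id: int
    email: str
    role: str
    # provider name -> subject id this user has explicitly linked (assumed schema)
    linked_identities: Dict[str, str] = field(default_factory=dict)


@dataclass(frozen=True)
class SocialToken:
    provider: str
    subject: str          # provider's stable id for the remote account
    email: str            # e-mail address the provider reports for that account
    email_verified: bool  # whether the provider asserts it verified the address


# Constructed sample directory: the administrator has never used social login,
# while "alice" previously linked her account at the (fictional) provider.
USERS = [
    LocalUser(1, "admin@example.test", "administrator"),
    LocalUser(2, "alice@example.test", "subscriber", {"oauthcorp": "sub-alice-001"}),
]


def find_by_email(email: str) -> Optional[LocalUser]:
    return next((u for u in USERS if u.email.lower() == email.lower()), None)


def find_by_linked_identity(provider: str, subject: str) -> Optional[LocalUser]:
    return next((u for u in USERS if u.linked_identities.get(provider) == subject), None)


def weak_login(token: SocialToken) -> Optional[LocalUser]:
    """Vulnerable pattern: any provider account bearing a matching e-mail address
    is accepted as proof of identity, so the returned user gets a session."""
    return find_by_email(token.email)


def hardened_login(token: SocialToken) -> Tuple[str, Optional[LocalUser]]:
    """Return ("session", user), ("link_required", user) or ("reject", None).

    A session is created only when the provider subject id was already linked
    to a local user through an authenticated linking step. An e-mail match
    alone never yields a session; it at most starts the linking flow.
    """
    user = find_by_linked_identity(token.provider, token.subject)
    if user is not None:
        return ("session", user)
    if not token.email_verified:
        return ("reject", None)
    candidate = find_by_email(token.email)
    if candidate is None:
        # No local account: hand off to registration; never auto-create a
        # privileged user from provider-supplied data.
        return ("reject", None)
    return ("link_required", candidate)


def complete_link(user: LocalUser, token: SocialToken, local_password_ok: bool) -> bool:
    """Linking step: bind the provider subject to the local user only after the
    local credential (or another proof of control) has been checked."""
    if not local_password_ok:
        return False
    user.linked_identities[token.provider] = token.subject
    return True


if __name__ == "__main__":
    # A provider account that merely carries the administrator's e-mail address.
    foreign = SocialToken("oauthcorp", "sub-someone-else", "admin@example.test", True)
    print("weak path logs in as:", weak_login(foreign).role)   # administrator
    print("hardened path:", hardened_login(foreign)[0])         # link_required
```

The point of the model is the branch structure, not the storage: whatever the real plugin uses for user lookup, the provider's subject id (not the e-mail address) must be the key that grants a session, and a local account that has never linked the provider should be sent through a linking step that checks the local password or a verified e-mail round-trip before the identities are joined.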

Details

CWE(s)

CWE-288 Authentication Bypass Using an Alternate Path or Channel

Affected Products

Loginpress (inferred from references and description; NVD did not file a CPE for this CVE)

CVEs Like This One

CVE-2026-27389 (shared CWE-288)
CVE-2025-23504 (shared CWE-288)
CVE-2025-8359 (shared CWE-288)
CVE-2025-7710 (shared CWE-288)
CVE-2026-29139 (shared CWE-288)
CVE-2026-27049 (shared CWE-288)
CVE-2025-26966 (shared CWE-288)
CVE-2025-7642 (shared CWE-288)
CVE-2026-25357 (shared CWE-288)
CVE-2025-1564 (shared CWE-288)

References