CVE-2025-3605

CRITICAL EXPLOITED NUCLEI

Frontend Login & Registration Blocks <1.0.7 - Privilege Escalation

Title source: llm

Exploitation Summary

CVE-2025-3605 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 4 public exploits from researchers including Md Shoriful Islam, Nxploited, GadaLuBau1337. A Nuclei detection template is also available.

AI-analyzed exploit summary This exploit targets a privilege escalation vulnerability in the WordPress Frontend Login and Registration Blocks plugin (CVE-2025-3605). It allows an attacker to change the email address of a target user (default: admin) by sending a crafted POST request to admin-ajax.php, enabling password reset via the new email.

Description

The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.1.1. This is due to the plugin not properly validating a user's identity prior to updating their details like email via the flr_blocks_user_settings_handle_ajax_callback() function. This makes it possible for unauthenticated attackers to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account.

Exploits (4)

exploitdb WORKING POC

by Md Shoriful Islam · pythonwebappsmultiple

https://www.exploit-db.com/exploits/52291

View Code ZIP pw:eip

This exploit targets a privilege escalation vulnerability in the WordPress Frontend Login and Registration Blocks plugin (CVE-2025-3605). It allows an attacker to change the email address of a target user (default: admin) by sending a crafted POST request to admin-ajax.php, enabling password reset via the new email.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: WordPress Frontend Login and Registration Blocks Plugin <= 1.0.7

No auth needed

Prerequisites: Target WordPress site with vulnerable plugin installed · Network access to the target

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 2 stars

by Nxploited · remote

https://github.com/Nxploited/CVE-2025-3605

View Code ZIP pw:eip

This is a functional exploit for CVE-2025-3605, targeting a privilege escalation vulnerability in the Frontend Login and Registration Blocks WordPress plugin. It allows unauthenticated attackers to change the administrator's email via an AJAX endpoint, enabling password reset and account takeover.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Frontend Login and Registration Blocks Plugin <= 1.0.7

No auth needed

Prerequisites: Target WordPress site with vulnerable plugin installed · Network access to the target

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 1 stars

by GadaLuBau1337 · remote

https://github.com/GadaLuBau1337/CVE-2025-3605

View Code ZIP pw:eip

This repository contains a functional Python exploit for CVE-2025-3605, targeting a privilege escalation vulnerability in the Frontend Login and Registration Blocks WordPress plugin (versions <= 1.0.7). The exploit allows unauthenticated attackers to change the administrator's email via an insecure AJAX endpoint, enabling password reset and account takeover.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Frontend Login and Registration Blocks WordPress plugin <= 1.0.7

No auth needed

Prerequisites: Target WordPress site with vulnerable plugin installed · Network access to the target

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1552 - Unsecured Credentials

devstral-2 · analyzed Feb 16, 2026 Full analysis →

github WORKING POC

by Boshe99 · pythonpoc

https://github.com/Boshe99/CVE-Exploits/tree/main/CVE-2025-3605

View Code ZIP pw:eip

The repository contains functional exploit code for CVE-2025-3605, targeting a WordPress plugin (3DPrint Lite 1.9.1.4) with an arbitrary file upload vulnerability. The Python script demonstrates the ability to upload a malicious file to a vulnerable target.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: WordPress Plugin 3DPrint Lite 1.9.1.4

No auth needed

Prerequisites: target URL · path to a file to upload

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 27, 2026 Full analysis →

Nuclei Templates (1)

WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation

CRITICALVERIFIEDby beginee

FOFA: body="/wp-content/plugins/frontend-login-and-registration-blocks/"

References (2)

Core 2

Core References

Product

https://plugins.trac.wordpress.org/browser/frontend-login-and-registration-blocks/trunk/inc/class-flr-blocks-user-settings.php#L59

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/0c11668c-6dc3-4539-b2be-bf6528bed73e?source=cve

Scores

CVSS v3 9.8

EPSS 0.1273

EPSS Percentile 94.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

VulnCheck KEV 2025-10-03

CWE

CWE-639

Status published

Products (2)

arkenon/Frontend Login and Registration Blocks < 1.0.7

arkenon/Login, Registration and Lost Password Blocks < 1.1.1

Published May 09, 2025

Tracked Since Feb 18, 2026