CVE-2025-64236

CRITICAL

AmentoTech Tuturn <3.6 - Auth Bypass

Title source: llm

Description

Authentication Bypass Using an Alternate Path or Channel vulnerability in AmentoTech Tuturn allows Authentication Abuse.This issue affects Tuturn: from n/a before 3.6.

References (2)

[Vdb Entry] https://patchstack.com/database/Wordpress/Plugin/tuturn/vulnerability/wordpress-tuturn-plugin-3-6-broken-authentication-vulnerability?_s_id=cve

[Third Party Advisory] https://patchstack.com/database/wordpress/plugin/tuturn/vulnerability/wordpress-tuturn-plugin-3-6-broken-authentication-vulnerability?_s_id=cve

Scores

CVSS v3 9.8

EPSS 0.0012

EPSS Percentile 30.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-288

Status published

Products (1)

AmentoTech/Tuturn < 3.6

Published Dec 18, 2025

Tracked Since Feb 18, 2026