CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2025-32486

CVSS 9.8v3.1pub. 2025-09-09upd. 2026-04-23

Weak Password Recovery Mechanism for Forgotten Password vulnerability in Hossein Material Dashboard material-dashboard.This issue affects Material Dashboard: from n/a through <= 1.4.6.

🤖 AI Analysis
How it works

The vulnerability consists of a weak password recovery mechanism for forgotten passwords (Weak Password Recovery Mechanism for Forgotten Password). This mechanism is exploitable without authentication, without user interaction, and without meeting any special conditions on the attacker's side (AC:L, PR:N, UI:N). Incorrect implementation of the password recovery process allows an attacker to manipulate this process in order to take over the account.

Impact

An attacker can gain unauthorized access to user accounts, potentially including administrative accounts, leading to complete WordPress site takeover — compromising confidentiality, integrity, and data availability.

Mitigation & patch

Update the Material Dashboard plugin to a version newer than 1.4.6. Details regarding the available patch should be verified according to information published by Patchstack and in the WordPress plugin repository.

Who is affected

WordPress Material Dashboard plugin by Hossein, versions from the beginning up to and including 1.4.6.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References