Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

CVE-2025-55137: WordPress Plugin LinkJoin Vulnerable to Password Reset Abuse

CVE-2025-55137

Summary

The WordPress plugin LinkJoin has a security issue that can allow an attacker to reset a user's password without their permission. This could be done by tricking the user into clicking on a malicious link or by exploiting another vulnerability in the system. To protect your site, update the LinkJoin plugin to the latest version or consider replacing it with a different plugin.

Original title

LinkJoin through 882f196 mishandles lacks type checking in password reset.

Original description

LinkJoin through 882f196 mishandles lacks type checking in password reset.

nvd CVSS3.1 7.4

Vulnerability type

CWE-843 Type Confusion

https://github.com/Latkecrszy/linkjoin/pull/4

Published: 7 Aug 2025 · Updated: 15 Jun 2026 · First seen: 7 Mar 2026