Authentication Bypass Vulnerability in Themepaste Admin Safety Guard
CVE-2026-25471

8.1HIGH

Key Information:

Vendor: WordPress
Status: Admin Safety Guard
Vendor: CVE Published:; 19 March 2026

What is CVE-2026-25471?

The Themepaste Admin Safety Guard plugin is vulnerable to an authentication bypass due to improper authentication path handling, allowing attackers to exploit the password recovery mechanism. This security flaw allows unauthorized access, potentially compromising sensitive user data and site integrity. Affected versions include Admin Safety Guard up to 1.2.6. Users are advised to update to the latest version to mitigate this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Admin Safety Guard <= 1.2.6

References

https://patchstack.com/database/wordpress/plugin/admin-sa...

vdb-entry

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 19, 2026
Vulnerability Reserved
Feb 2, 2026

Credit

Robert Akhmerov (v31dt) | Patchstack Bug Bounty Program

JSON

WordPress

What is CVE-2026-25471?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.