Description

The User Registration & Membership WordPress plugin before 4.1.2 does not prevent users from setting their own account role when the Membership Addon is enabled, leading to a privilege escalation issue that allows unauthenticated users to gain admin privileges.

PUBLISHED Reserved 2025-03-20 | Published 2025-04-14 | Updated 2025-08-27 | Assigner WPScan

Problem types

CWE-639 Authorization Bypass Through User-Controlled Key

Product status

Default status: unaffected

Any version before 4.1.2: affected

Credits

wesley (wcraft) (finder)

WPScan (coordinator)

References

wpscan.com/...rability/2c0f62a1-9510-4f90-a297-17634e6c8b75/ exploit vdb-entry technical-description

cve.org (CVE-2025-2563)

nvd.nist.gov (CVE-2025-2563)
