CVE-2025-2594 in User Registration & Membership Plugininformazioni

Riassunto

di MITRE • 22/04/2025

The User Registration & Membership WordPress plugin before 4.1.3 does not properly validate data in an AJAX action when the Membership Addon is enabled, allowing attackers to authenticate as any user, including administrators, by simply using the target account's user ID.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Prenotare

21/03/2025

Divulgazione

22/04/2025

Moderazione

accettato

CPE

pronto

Sfruttamento

Scaricare

EPSS

0.07427

KEV

no

Attività

molto basso

Fonti

Want to stay up to date on a daily basis?

Enable the mail alert feature now!