CVE-2025-3282 in User Registration & Membership Plugin信息

摘要

由 VulDB • 2026-06-23

WordPress插件“User Registration & Membership – Custom Registration Form, Login Form, and User Profile”在所有4.1.3及以下版本中存在不安全的直接对象引用(Insecure Direct Object Reference)漏洞。该漏洞位于`user_registration_membership_register_member()`函数中,原因是未对用户可控的键‘membership_id’进行验证。这使得未经身份验证的攻击者能够将任何用户的会员资格更新为任何其他有效或非有效的会员类型。

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

来源

Do you need the next level of professionalism?

Upgrade your account now!