77 matches found
User Registration & Membership <= 4.1.1 - Unauthenticated Privilege Escalation
The User Registration & Membership plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 4.1.1. This is due to insufficient restrictions on role type in the 'preparemembersdata' function. This makes it possible for unauthenticated attackers to create new user...
Exploit for CVE-2025-2563
CVE-2025-2563 The User Registration & Membership WordPress...
CVE-2026-2563
A vulnerability was identified in JingDong JD Cloud Box AX6600 up to 4.5.1.r4533. Affected is the function setstcreenendeabledstatus/getstatus of the file /f/service/controlDevice of the component jdcapprpc. The manipulation leads to Remote Privilege Escalation. It is possible to initiate the...
EUVD-2026-2563
Data verification vulnerability in the HiView module. Impact: Successful exploitation of this vulnerability may affect availability...
Huawei EulerOS: Security Advisory for python-urllib3 (EulerOS-SA-2025-2563)
The remote host is missing an update for the Huawei EulerOS...
CVE-2022-2563
The Tutor LMS WordPress plugin before 2.0.10 does not escape some course parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2020-2563
Vulnerability in the Hyperion Financial Close Management product of Oracle Hyperion component: Close Manager. The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Financial Close...
CVE-2022-2563
creationtimestamp | type | source
---|---|---
2025-05-13 19:30:53+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/16199...
CVE-2025-2563
The User Registration & Membership WordPress plugin before 4.1.2 does not prevent users from setting their account role when the Membership Addon is enabled, leading to a privilege escalation issue and allowing unauthenticated users to gain admin privileges...
CVE-2025-2563 User Registration & Membership < 4.1.2 - Unauthenticated Privilege Escalation
The User Registration & Membership WordPress plugin before 4.1.2 does not prevent users from setting their account role when the Membership Addon is enabled, leading to a privilege escalation issue and allowing unauthenticated users to gain admin privileges...
WordPress User Registration & Membership Plugin 4.1.1 - Unauthenticated Privilege Escalation
Exploit Title: WordPress User Registration & Membership Plugin <= 4.1.1 - Unauthenticated Privilege Escalation Exploit Author: Al Baradi Joy Date: 2025-04-07 Vendor Homepage: https://wordpress.org/plugins/user-registration/ Software Link:...
WordPress User Registration and Membership 4.1.1 Privilege Escalation
WordPress User Registration and Membership plugin versions 4.1.1 and below suffer from a privilege escalation vulnerability. Exploit Title: WordPress User Registration & Membership Plugin <= 4.1.1 - Unauthenticated Privilege Escalation Exploit Author: Al Baradi Joy Date: 2025-04-07 Vendor Homepage...
CVE-2025-2563
creationtimestamp | type | source
---|---|---
2025-03-27 04:24:00+00:00 | seen | https://bsky.app/profile/infosec.skyfleet.blue/post/3lldhdf3oje2k
2025-03-29 12:05:35+00:00 | published-proof-of-concept | https://t.me/GithubRedTeam/26740
2025-03-29 16:00:07+00:00 | published-proof-of-concept | ...
VulnCheck KEV: CVE-2025-2563
The User Registration & Membership WordPress plugin before 4.1.2 does not prevent users from setting their account role when the Membership Addon is enabled, leading to a privilege escalation issue and allowing unauthenticated users to gain admin privileges...
CVE-2024-2563
creationtimestamp | type | source
---|---|---
2024-03-17 13:21:54+00:00 | seen | https://t.me/ctinow/209912
2024-03-17 13:26:18+00:00 | seen | https://t.me/ctinow/209914...
CVE-2024-2563
The CVE-2024-2563 entry concerns PandaXGO PandaX up to 20240310. A path traversal flaw exists in the DeleteImage function in /apps/system/router/upload.go, where an attacker can manipulate the fileName parameter (e.g., ../../../../../../../../../tmp/1.txt) to traverse to ../filedir. The issue is ...
CVE-2023-2563
CVE-2023-2563 relates to the WordPress plugin WordPress Contact Forms by Cimatti. It is a Cross-Site Request Forgery (CSRF) vulnerability in versions up to and including 1.5.7 caused by missing/incorrect nonce validation in the function _accua_forms_form_edit_action. This flaw allows unauthentica...
CVE-2022-2563
The Tutor LMS WordPress plugin before 2.0.10 does not escape some course parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2022-2563
CVE-2022-2563 affects the Tutor LMS WordPress plugin
CVE-2022-2563 Tutor LMS < 2.0.10 - Admin+ Stored Cross-Site Scripting
The Tutor LMS WordPress plugin before 2.0.10 does not escape some course parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...