8 matches found
User Registration & Membership <= 4.1.1 - Unauthenticated Privilege Escalation
The User Registration & Membership plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 4.1.1. This is due to insufficient restrictions on role type in the 'preparemembersdata' function. This makes it possible for unauthenticated attackers to create newuser...
Exploit for CVE-2025-2563
CVE-2025-2563 The User Registration & Membership WordPress...
CVE-2025-2563
The User Registration & Membership WordPress plugin before 4.1.2 does not prevent users to set their account role when the Membership Addon is enabled, leading to a privilege escalation issue and allowing unauthenticated users to gain admin privileges...
CVE-2025-2563 User Registration & Membership < 4.1.2- Unauthenticated Privilege Escalation
The User Registration & Membership WordPress plugin before 4.1.2 does not prevent users to set their account role when the Membership Addon is enabled, leading to a privilege escalation issue and allowing unauthenticated users to gain admin privileges...
📄 WordPress User Registration and Membership 4.1.1 Privilege Escalation
WordPress User Registration and Membership plugin versions 4.1.1 and below suffer from a privilege escalation vulnerability. Exploit Title: WordPress User Registration & Membership Plugin = 4.1.1 - Unauthenticated Privilege Escalation Exploit Author: Al Baradi Joy Date: 2025-04-07 Vendor Homepage...
WordPress User Registration & Membership Plugin 4.1.1 - Unauthenticated Privilege Escalation
Exploit Title: WordPress User Registration & Membership Plugin = 4.1.1 - Unauthenticated Privilege Escalation Exploit Author: Al Baradi Joy Date: 2025-04-07 Vendor Homepage: https://wordpress.org/plugins/user-registration/ Software Link:...
CVE-2025-2563
creationtimestamp| type| source ---|---|--- 2025-03-27 04:24:00+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3lldhdf3oje2k 2025-03-29 12:05:35+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/26740 2025-03-29 16:00:07+00:00| published-proof-of-concept|...
VulnCheck KEV: CVE-2025-2563
The User Registration & Membership WordPress plugin before 4.1.2 does not prevent users to set their account role when the Membership Addon is enabled, leading to a privilege escalation issue and allowing unauthenticated users to gain admin privileges...