WordPress AS Password Field In Default Registration Form plugin <= 2.0.0 - Unauthenticated Privilege Escalation via Account Takeover vulnerability

Unauthenticated Privilege Escalation via Account Takeover vulnerability discovered by Drew Webber mcdruid in WordPress Plugin AS Password Field In Default Registration Form versions = 2.0.0...

CVE-2025-14996

CVE-2025-14996 affects the AS Password Field In Default Registration Form WordPress plugin (

CVE-2025-14996 AS Password Field In Default Registration Form <= 2.0.0 - Unauthenticated Privilege Escalation via Account Takeover

The AS Password Field In Default Registration Form plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.0.0. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it...

CVE-2025-14996 AS Password Field In Default Registration Form <= 2.0.0 - Unauthenticated Privilege Escalation via Account Takeover

The AS Password Field In Default Registration Form plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.0.0. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it...

PT-2026-1413

Name of the Vulnerable Software and Affected Versions AS Password Field In Default Registration Form plugin for WordPress versions prior to 2.0.1 Description The plugin does not properly validate a user’s identity before allowing password updates. This allows unauthenticated attackers to change...