Description
The Mementor Core plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.2.5. This is due to the plugin not properly handling the user switch back function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges by accessing an administrator account through the switch back functionality.
Published: 2025-11-11
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation
Action: Immediate Patch
AI Analysis

Impact

The Mementor Core plugin for WordPress contains a flaw where its user switch back functionality is not properly guarded. An authenticated user with Subscriber-level access or higher can trigger this function and gain access to an administrator account, thereby elevating their privileges. This issue directly maps to CWE-269: Improper Privilege Management. The result is that a non-administrator can assume full administrative rights, compromising confidentiality, integrity, and availability of the site.

Affected Systems

The vulnerability affects the Mementor Core plugin developed by mvirik. All versions up to and including 2.2.5 are impacted. Any WordPress site running version 2.2.5 or earlier of the plugin is at risk.

Risk and Exploitability

With a CVSS score of 8.8, the problem is rated high severity. The EPSS score of less than 1% indicates that exploitation is currently expected to be rare, and the vulnerability is not listed in the CISA KEV catalog. An attacker must be authenticated and hold at least the Subscriber role to use the switch back feature. The exploit is performed through the web interface, so the attack vector is remote via HTTP/HTTPS. If the site allows unrestricted access to the switch back functionality, an attacker can trigger privilege escalation without any further privileges.

Generated by OpenCVE AI on April 27, 2026 at 22:54 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Apply the latest Mementor Core plugin version (2.3 or newer) to remove the flaw.
  • If an upgrade cannot be performed immediately, temporarily disable the plugin or the switch back feature to block the exploitation path.
  • Enforce stricter role checks for the switch back function, ensuring only administrators can perform user switching.
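The third recommendation above is the core defensive control: a switch-back handler must not trust anything the requester supplies, but only a server-side record that the current session was in fact switched into from an administrator. The following PHP is an added illustration of that pattern for a generic WordPress plugin; it is not Mementor Core's code, and the `demo_` function names, the `_demo_switched_from` user-meta key, the `manage_options` capability choice and the one-hour record lifetime are assumptions made for this example.

```php
<?php
/**
 * Hypothetical hardened user-switch / switch-back handlers for a WordPress
 * plugin. Illustrative only; not Mementor Core's code. Every name prefixed
 * "demo_" and the meta key below are invented for this example.
 */

const DEMO_SWITCH_META = '_demo_switched_from';   // hypothetical user-meta key
const DEMO_SWITCH_CAP  = 'manage_options';         // administrators only

// Switch INTO another account: administrators only, nonce-protected.
add_action( 'admin_post_demo_switch_to_user', 'demo_switch_to_user' );
function demo_switch_to_user() {
    // 1. Only administrators may start a switch.
    if ( ! current_user_can( DEMO_SWITCH_CAP ) ) {
        wp_die( 'Insufficient privileges.', 403 );
    }
    // 2. CSRF protection on the request that starts the switch.
    check_admin_referer( 'demo_switch_to_user' );

    $target_id = isset( $_GET['user_id'] ) ? absint( $_GET['user_id'] ) : 0;
    $target    = $target_id ? get_userdata( $target_id ) : false;
    if ( ! $target ) {
        wp_die( 'Unknown user.', 400 );
    }

    // 3. Record server-side who initiated the switch, bound to the target
    //    account. The later switch-back trusts only this record, never a
    //    user-supplied ID. Ordinary users cannot write user meta, so a
    //    Subscriber cannot forge one for their own account.
    update_user_meta( $target_id, DEMO_SWITCH_META, array(
        'from' => get_current_user_id(),
        'time' => time(),
    ) );

    wp_set_current_user( $target_id );
    wp_set_auth_cookie( $target_id );
    wp_safe_redirect( admin_url() );
    exit;
}

// Switch BACK: allowed only when a server-side record says this session
// was switched into from an account that still holds the capability.
add_action( 'admin_post_demo_switch_back', 'demo_switch_back' );
function demo_switch_back() {
    check_admin_referer( 'demo_switch_back' );

    $current_id = get_current_user_id();
    $record     = get_user_meta( $current_id, DEMO_SWITCH_META, true );
    $original   = demo_switch_back_target( $current_id, $record );

    if ( ! $original ) {
        // No valid record: a plain Subscriber lands here and is refused.
        wp_die( 'No active user switch to return from.', 403 );
    }

    // One-shot: remove the record so the switch-back cannot be replayed.
    delete_user_meta( $current_id, DEMO_SWITCH_META );

    wp_set_current_user( $original->ID );
    wp_set_auth_cookie( $original->ID );
    wp_safe_redirect( admin_url( 'users.php' ) );
    exit;
}

/**
 * Decide whether $current_id may switch back, and to whom.
 * Returns the WP_User to restore, or null if the request must be refused.
 */
function demo_switch_back_target( $current_id, $record, $max_age = 3600 ) {
    if ( ! $current_id || ! is_array( $record ) || empty( $record['from'] ) ) {
        return null;                      // nothing recorded for this account
    }
    if ( (int) $record['from'] === (int) $current_id ) {
        return null;                      // a self-reference is never valid
    }
    if ( empty( $record['time'] ) || time() - (int) $record['time'] > $max_age ) {
        return null;                      // stale record; require a fresh switch
    }
    $original = get_userdata( (int) $record['from'] );
    // The account being restored must STILL hold the switching capability;
    // a demoted or deleted administrator must not be reachable this way.
    if ( ! $original || ! user_can( $original, DEMO_SWITCH_CAP ) ) {
        return null;
    }
    return $original;
}
```

The properties worth checking in any switch-back implementation are the ones `demo_switch_back_target` enforces: the decision is driven entirely by a server-side record that only a privileged action can create, the record is consumed on use, it expires, and the account being restored is re-checked for the capability at switch-back time rather than assumed from the time of the original switch.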

Advisories

No advisories yet.

History

Wed, 12 Nov 2025 20:15:00 +0000

Type: Metrics
Values Removed: (none)
Values Added: ssvc
{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 12 Nov 2025 13:00:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Wordpress; Wordpress wordpress

Type: Vendors & Products
Values Removed: (none)
Values Added: Wordpress; Wordpress wordpress

Tue, 11 Nov 2025 03:45:00 +0000

Type: Description
Values Removed: (none)
Values Added: The Mementor Core plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.2.5. This is due to plugin not properly handling the user switch back function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges by accessing an administrator account through the switch back functionality.

Type: Title
Values Removed: (none)
Values Added: Mementor Core <= 2.2.5 - Authenticated (Subscriber+) Privilege Escalation

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-269

Type: References
Values Removed: (none)
Values Added: (none listed)

Type: Metrics
Values Removed: (none)
Values Added: cvssV3_1
{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T16:42:11.345Z

Reserved: 2025-09-29T17:03:10.732Z

Link: CVE-2025-11168

Vulnrichment

Updated: 2025-11-12T17:12:52.883Z

NVD

Status: Deferred

Published: 2025-11-11T04:15:41.100

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-11168

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-27T23:00:13Z

Weaknesses