CVE-2025-15100 - Vulnerability Details

- JAY Login & Register <= 2.6.03 - Authenticated (Subscriber+) Privilege Escalation via jay_panel_ajax_update_profile

Description

The JAY Login & Register plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.6.03. This is due to the plugin allowing a user to update arbitrary user meta through the 'jay_panel_ajax_update_profile' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator.

Published: 2026-02-08

Score: 8.8 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability lies in the jay_panel_ajax_update_profile routine of the JAY Login & Register plugin, which permits any authenticated user with Subscriber-level permissions or higher to modify arbitrary user metadata. This flaw enables a legitimate user to elevate their privileges to that of an Administrator. This flaw corresponds to the weakness defined by CWE‑269.

Affected Systems

All installations of the JAY Login & Register WordPress plugin up to and including version 2.6.03 are affected. Users of this plugin, regardless of server environment or WordPress version, must investigate whether they run one of the vulnerable releases.

Risk and Exploitability

The CVSS score of 8.8 places this issue in the high severity band, indicating significant potential damage if exploited. However, the EPSS score of less than 1% suggests very low current exploitation probability, and the vulnerability is not listed in the CISA KEV catalog. Inferred from the description, the most likely attack vector is via a normal authenticated session using typical WordPress user accounts; the attacker must be able to submit Ajax requests to the plugin endpoint. Once successful, the attacker gains full administrative privileges, enabling unilateral changes to site configuration, data exfiltration, or further malicious actions.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

jayarsiech

JAY Login & Register

unaffected

Version	Status	Constraints
`0`	affected	≤ 2.6.03

No data.

Vendor	Product	Confidence	Versions
Wordpress	Wordpress	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade the JAY Login & Register plugin to any release newer than 2.6.03
If an update is unavailable, temporarily disable or remove the jay_panel_ajax_update_profile endpoint from the plugin’s Ajax handlers
Re‑evaluate user roles and reduce the number of subscribers or limit their ability to trigger profile updates; consider tightening the capability checks within the plugin

Generated by OpenCVE AI on April 21, 2026 at 16:03 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00021.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://plugins.trac.wordpress.org/browser/jay-login-register/tags/2.6.01/includes/user-panel/jay-login-register-ajax-handler-user-panel.php#L624
https://www.wordfence.com/threat-intel/vulnerabilities/id/fb900810-23a2-4920-a5e8-4388c4474de0?source=cve

History

Mon, 09 Feb 2026 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Mon, 09 Feb 2026 11:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Wordpress Wordpress wordpress
Vendors & Products		Wordpress Wordpress wordpress

Sun, 08 Feb 2026 02:00:00 +0000

Type	Values Removed	Values Added
Description		The JAY Login & Register plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.6.03. This is due to the plugin allowing a user to update arbitrary user meta through the 'jay_panel_ajax_update_profile' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator.
Title		JAY Login & Register <= 2.6.03 - Authenticated (Subscriber+) Privilege Escalation via jay_panel_ajax_update_profile
Weaknesses		CWE-269
References		https://plugins.trac.wordpress.org/browser/jay-login-register/tags/2.6.01/includes/user-panel/jay-login-register-ajax-handler-user-panel.php#L624 https://www.wordfence.com/threat-intel/vulnerabilities/id/fb900810-23a2-4920-a5e8-4388c4474de0?source=cve
Metrics		cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}`

Subscriptions

Wordpress Wordpress

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2026-02-08T01:22:56.646Z

Updated: 2026-04-08T17:34:33.033Z

Reserved: 2025-12-25T18:27:56.480Z

Link: CVE-2025-15100

Vulnrichment

Updated: 2026-02-09T15:13:22.208Z

NVD

Status : Deferred

Published: 2026-02-08T02:15:56.680

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-15100

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-21T16:15:40Z

Weaknesses

CWE-269

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object