CVE-2025-1671 - Vulnerability Details

- Academist Membership <= 1.1.6 - Authentication Bypass via Account Takeover

Description

The Academist Membership plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.6. This is due to the academist_membership_check_facebook_user() function not properly verifying a user's identity prior to authenticating them. This makes it possible for unauthenticated attackers to log in as any user, including site administrators.

Published: 2025-03-01

Score: 9.8 Critical

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The Academist Membership plugin for WordPress contains a privilege‑escalation flaw where the academist_membership_check_facebook_user() function fails to verify a user’s identity before authenticating them. As a result, an unauthenticated attacker can submit a request that emits the same credentials for any target user, including administrators, effectively impersonating that user and gaining full control over the site. The weakness is categorized as CWE‑288 and can lead to complete loss of confidentiality, integrity, and discretion of the affected WordPress installation.

Affected Systems

The affected product is Academist Membership, a WordPress plugin developed by Elated‑Themes. All releases up to and including version 1.1.6 are impacted. No specific patch version is listed in the data, but the vulnerability exists in the stated range.

Risk and Exploitability

The CVSS score of 9.8 indicates this flaw is a critical remote authentication bypass. The EPSS score of < 1% suggests that, while the likelihood of exploitation is currently low, the potential impact is significant enough to warrant prompt action. The vulnerability resides in the web-facing authentication endpoint of the plugin and can be exploited remotely without prior authentication, making it easy for attackers to compromise any site running a vulnerable version. The flaw is not cataloged in the CISA KEV list yet, but its high severity and the lack of active authentication make it a top‑priority risk for any affected WordPress site.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Elated-Themes

Academist Membership

unaffected

Version	Status	Constraints
`0`	affected	≤ 1.1.6

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update Academist Membership to the latest available version that incorporates the fix for the Facebook login verification bug.
Disable the Facebook login feature within the plugin’s settings until a patched version is deployed to stop unauthenticated attempts to abuse the check function.
Configure application‑level firewall rules that block or rate‑limit unauthenticated requests to the plugin’s authentication endpoints, reducing the attack surface while the patch is pending.

Generated by OpenCVE AI on April 21, 2026 at 22:09 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2025-5896	The Academist Membership plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.6. This is due to the academist_membership_check_facebook_user() function not properly verifying a user's identity prior to authenticating them. This makes it possible for unauthenticated attackers to log in as any user, including site administrators.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00194.

Exploitation none

Automatable yes

Technical Impact total

References

Link	Providers
https://themeforest.net/item/academist-a-modern-learning-management-system-and-education-theme/22376830
https://www.wordfence.com/threat-intel/vulnerabilities/id/911a9550-1f62-4f28-9d8c-00d9769949c9?source=cve

History

Tue, 04 Mar 2025 03:45:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Sat, 01 Mar 2025 07:30:00 +0000

Type	Values Removed	Values Added
Description		The Academist Membership plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.6. This is due to the academist_membership_check_facebook_user() function not properly verifying a user's identity prior to authenticating them. This makes it possible for unauthenticated attackers to log in as any user, including site administrators.
Title		Academist Membership <= 1.1.6 - Authentication Bypass via Account Takeover
Weaknesses		CWE-288
References		https://themeforest.net/item/academist-a-modern-learning-management-system-and-education-theme/22376830 https://www.wordfence.com/threat-intel/vulnerabilities/id/911a9550-1f62-4f28-9d8c-00d9769949c9?source=cve
Metrics		cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}`

Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2025-03-01T07:24:04.682Z

Updated: 2026-04-08T17:06:54.805Z

Reserved: 2025-02-24T21:51:36.610Z

Link: CVE-2025-1671

Vulnrichment

Updated: 2025-03-03T20:55:29.221Z

NVD

Status : Deferred

Published: 2025-03-01T08:15:34.320

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-1671

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-21T22:15:45Z

Weaknesses

CWE-288

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object