Metrics
Affected Vendors & Products
Wed, 27 Aug 2025 12:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The User Registration & Membership WordPress plugin before 4.1.3 does not properly validate data in an AJAX action when the Membership Addon is enabled, allowing attackers to authenticate as any user, including administrators, by simply using the target account's user ID. | The User Registration & Membership WordPress plugin before 4.1.3 does not properly validate data in an AJAX action when the Membership Addon is enabled, allowing attackers to authenticate as any user, including administrators, by simply using the target account's user ID. |
Wed, 16 Jul 2025 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
epss
|
epss
|
Wed, 07 May 2025 19:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Wpeverest
Wpeverest user Registration \& Membership |
|
Weaknesses | NVD-CWE-noinfo | |
CPEs | cpe:2.3:a:wpeverest:user_registration_\&_membership:*:*:*:*:free:wordpress:*:* cpe:2.3:a:wpeverest:user_registration_\&_membership:*:*:*:*:pro:wordpress:*:* |
|
Vendors & Products |
Wpeverest
Wpeverest user Registration \& Membership |
Tue, 22 Apr 2025 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
cvssV3_1
|
Tue, 22 Apr 2025 06:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The User Registration & Membership WordPress plugin before 4.1.3 does not properly validate data in an AJAX action when the Membership Addon is enabled, allowing attackers to authenticate as any user, including administrators, by simply using the target account's user ID. | |
Title | User Registration & Membership < 4.1.3 - Authentication Bypass | |
References |
|

Status: PUBLISHED
Assigner: WPScan
Published:
Updated: 2025-08-27T12:00:51.368Z
Reserved: 2025-03-21T08:57:14.430Z
Link: CVE-2025-2594

Updated: 2025-04-22T14:39:44.404Z

Status : Modified
Published: 2025-04-22T06:15:44.860
Modified: 2025-08-27T12:15:36.133
Link: CVE-2025-2594

No data.

No data.