Description
The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.3 via the user_registration_membership_register_member() due to missing validation on the 'membership_id' user controlled key. This makes it possible for unauthenticated attackers to update any user's membership to any other active or non-active membership type.
Published: 2025-04-12
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Membership Modification
Action: Apply Patch
AI Analysis

Impact

The vulnerability originates in the user_registration_membership_register_member() function of the User Registration & Membership plugin, which accepts a membership_id parameter without validating ownership or authentication. This Insecure Direct Object Reference flaw allows an attacker to specify any membership ID and apply it to any user account, effectively granting or revoking paid or non‑active memberships without permission. The weakness is classified as CWE‑639 and results in unauthorized privilege changes that can alter user access levels across the site.

Affected Systems

All installations of the wpeverest User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin, versions 4.1.3 and earlier. The plugin is available as a WordPress add‑on and can be installed on any WordPress site that uses this membership solution.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity, while the EPSS score of less than 1% suggests a low probability of exploitation at present. The vulnerability is not listed in the CISA KEV catalog. Attackers can exploit the flaw by sending an unauthenticated HTTP request to the plugin’s AJAX endpoint and supplying a selected membership_id value, thereby reassigning memberships for arbitrary users. No additional authentication or privileged access is required to trigger the change.

Generated by OpenCVE AI on April 20, 2026 at 23:16 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the User Registration & Membership plugin to a release that includes validation for the membership_id parameter.
  • If an update is not immediately available, block or restrict access to the AJAX endpoint that accepts membership_id to prevent unauthenticated requests.
  • Verify that all site memberships are current after applying the patch or blocking the endpoint to ensure no unintended changes remain.

Generated by OpenCVE AI on April 20, 2026 at 23:16 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-10841 The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.3 via the user_registration_membership_register_member() due to missing validation on the 'membership_id' user controlled key. This makes it possible for unauthenticated attackers to update any user's membership to any other active or non-active membership type.
History

Tue, 08 Jul 2025 19:00:00 +0000

Type Values Removed Values Added
First Time appeared Wpeverest
Wpeverest user Registration \& Membership
CPEs cpe:2.3:a:wpeverest:user_registration_\&_membership:*:*:*:*:free:wordpress:*:*
Vendors & Products Wpeverest
Wpeverest user Registration \& Membership

Mon, 14 Apr 2025 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Sat, 12 Apr 2025 07:00:00 +0000

Type Values Removed Values Added
Description The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.3 via the user_registration_membership_register_member() due to missing validation on the 'membership_id' user controlled key. This makes it possible for unauthenticated attackers to update any user's membership to any other active or non-active membership type.
Title User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.1.3 - Insecure Direct Object Reference to Unauthenticated Membership Modification
Weaknesses CWE-639
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

Subscriptions

Wpeverest User Registration \& Membership
cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T17:20:48.116Z

Reserved: 2025-04-04T15:25:48.467Z

Link: CVE-2025-3282

cve-icon Vulnrichment

Updated: 2025-04-14T16:22:47.819Z

cve-icon NVD

Status : Analyzed

Published: 2025-04-12T07:15:27.003

Modified: 2025-07-08T18:32:17.517

Link: CVE-2025-3282

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-20T23:30:16Z

Weaknesses