Description
Missing Authorization vulnerability in AlphaEfficiencyTeam Custom Login and Registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom Login and Registration: from n/a through 1.0.0.
Published: 2025-04-25
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A missing authorization flaw in the AlphaEfficiencyTeam Custom Login and Registration plugin allows attackers to exploit improperly configured access control levels, potentially granting unauthorized users access to protected features or data. The vulnerability can enable the creation of new accounts, modification of user settings, or other actions that should be restricted to legitimate administrators or authenticated users. This is a direct privilege escalation within the context of the WordPress site using the plugin.

Affected Systems

WordPress sites that have installed the Custom Login and Registration plugin by AlphaEfficiencyTeam. All versions up through 1.0.0 are affected, as the flaw exists from the initial release to that version.

Risk and Exploitability

The CVSS base score of 5.4 indicates a moderate severity, while the EPSS score of less than 1% suggests a low likelihood of exploitation in the public wild. The vulnerability is not listed in CISA’s KEV catalog. An attacker can potentially manipulate the plugin’s access controls from a remote web interface without special privileges, assuming the plugin is reachable over the network. Successful exploitation would provide unauthorized access to privileged functions within the WordPress installation.

Generated by OpenCVE AI on April 30, 2026 at 20:47 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the AlphaEfficiencyTeam Custom Login and Registration plugin to a version that addresses the missing authorization flaw, or completely remove the plugin if no fix is available.
  • If upgrading is not immediately possible, restrict access to the plugin’s pages by applying host or application level firewall rules to limit traffic to trusted IP addresses.
  • Configure WordPress user role capabilities to ensure that only administrators have the privileges needed to use the plugin’s sensitive features, reinforcing the principle of least privilege.

Generated by OpenCVE AI on April 30, 2026 at 20:47 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-12386 Missing Authorization vulnerability in AlphaEfficiencyTeam Custom Login and Registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom Login and Registration: from n/a through 1.0.0.
History

Tue, 28 Apr 2026 19:45:00 +0000

Type Values Removed Values Added
References

Tue, 28 Apr 2026 18:30:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in AlphaEfficiencyTeam Custom Login and Registration ms-registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom Login and Registration: from n/a through <= 1.0.0. Missing Authorization vulnerability in AlphaEfficiencyTeam Custom Login and Registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom Login and Registration: from n/a through 1.0.0.
References

Thu, 23 Apr 2026 15:30:00 +0000

Type Values Removed Values Added
References

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in AlphaEfficiencyTeam Custom Login and Registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom Login and Registration: from n/a through 1.0.0. Missing Authorization vulnerability in AlphaEfficiencyTeam Custom Login and Registration ms-registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom Login and Registration: from n/a through <= 1.0.0.
References

Fri, 25 Apr 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 25 Apr 2025 08:15:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in AlphaEfficiencyTeam Custom Login and Registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom Login and Registration: from n/a through 1.0.0.
Title WordPress Custom Login and Registration plugin <= 1.0.0 - Broken Access Control vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L'}

Subscriptions

Alphaefficiencyteam Custom Login And Registration
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:40.124Z

Reserved: 2025-04-24T14:23:35.866Z

Link: CVE-2025-46535

cve-icon Vulnrichment

Updated: 2025-04-25T14:28:46.181Z

cve-icon NVD

Status : Deferred

Published: 2025-04-25T08:15:13.483

Modified: 2026-04-28T19:32:18.023

Link: CVE-2025-46535

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-30T21:00:15Z

Weaknesses