CVE-2025-2563

High CVSS: 8.1

The User Registration & Membership WordPress plugin before 4.1.2 does not prevent users to set their account role when the Membership Addon is enabled, leading to a privilege escalation issue and allowing unauthenticated users to gain admin privileges

Vendor

Wpeverest

Product

User Registration \& Membership

CWE

NVD-CWE-noinfo

Yayın Tarihi

2025-04-14 06:15:16

Güncelleme

2025-04-29 20:32:12

Source Identifier

contact@wpscan.com

KEV Date Added

Kategoriler

NVD-CWE-noinfo User Registration \& Membership HIGH Wpeverest 2025

Referanslar

https://wpscan.com/vulnerability/2c0f62a1-9510-4f90-a297-17634e6c8b75/

Benzer Kayıtlar

Critical

CVE-2025-60210

Deserialization of Untrusted Data vulnerability in wpeverest Everest Forms - Frontend Listing everest-forms-frontend-lis…

High

CVE-2025-5927

The Everest Forms (Pro) plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path vali…

Medium

CVE-2024-8542

The Everest Forms WordPress plugin before 3.0.3.1 does not sanitise and escape some of its settings, which could allow…

Medium

CVE-2025-26841

Cross Site Scripting vulnerability in WPEVEREST Everest Forms before 3.0.9 allows an attacker to execute arbitrary code…

Medium

CVE-2025-39400

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpeverest User Reg…

High

CVE-2025-2594

The User Registration & Membership WordPress plugin before 4.1.3 does not properly validate data in an AJAX action when…