CVE-2025-13538
📋 TL;DR
The FindAll Listing plugin for WordPress has a privilege escalation vulnerability that allows unauthenticated attackers to register as administrators when the FindAll Membership plugin is also active. This affects all WordPress sites using FindAll Listing plugin versions up to 1.0.5 with the FindAll Membership plugin enabled. Attackers can gain full administrative control of vulnerable WordPress installations.
💻 Affected Systems
- FindAll Listing WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete site takeover with administrative access, allowing data theft, defacement, malware injection, and further network compromise.
Likely Case
Attackers gain administrative access to the WordPress dashboard, enabling content manipulation, plugin/theme installation, and user account creation.
If Mitigated
Limited impact if registration is disabled or proper role validation is implemented at the web application firewall level.
🎯 Exploit Status
Exploitation requires sending specially crafted registration requests that carry an administrator role parameter. No authentication is required.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version after 1.0.5
Vendor Advisory: https://themeforest.net/item/findall-business-directory-theme/24415962
Restart Required: No
Instructions:
1. Update the FindAll Listing plugin to the latest version (above 1.0.5).
2. Verify the FindAll Membership plugin is also updated, if an update is available.
3. Test user registration functionality.
🔧 Temporary Workarounds
Disable User Registration
Temporarily disable user registration in WordPress settings to prevent exploitation
WordPress Admin Dashboard → Settings → General → Uncheck 'Anyone can register'
Deactivate FindAll Membership Plugin
Remove the component required for exploitation
WordPress Admin Dashboard → Plugins → Deactivate FindAll Membership
🧯 If You Can't Patch
- Implement web application firewall rules to block registration requests containing role parameters
- Monitor user registration logs for suspicious administrator role assignments
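A defence-in-depth guard for sites that cannot patch yet, added here as an example and not part of the FindAll plugins or this advisory: a must-use plugin that hooks WordPress's own `set_user_role` action and refuses any administrator assignment not performed by a user who may promote users, which is what an unauthenticated registration request can never be. The plugin name and function name are assumed for the example.

```php
<?php
/*
Plugin Name: Registration Role Guard (added example for CVE-2025-13538)
Description: Demote administrator assignments made outside an authorised
             context and log them for the SIEM.
*/

// Place this file in wp-content/mu-plugins/ so it loads before regular plugins.
// Assumption: every role assignment, including the one wp_insert_user()
// performs when a registration form creates an account, passes through
// WP_User::set_role(), which fires the 'set_user_role' action.
add_action( 'set_user_role', 'rrg_guard_admin_role', 10, 3 );

function rrg_guard_admin_role( $user_id, $role, $old_roles ) {
    // Only administrator assignments are of interest.
    if ( 'administrator' !== $role ) {
        return;
    }
    // Leave the installer and WP-CLI (no logged-in user) unchanged.
    if ( ( defined( 'WP_INSTALLING' ) && WP_INSTALLING )
      || ( defined( 'WP_CLI' ) && WP_CLI ) ) {
        return;
    }
    // A legitimate promotion is made by someone holding 'promote_users'
    // (administrators); an anonymous registration request has no such user.
    if ( current_user_can( 'promote_users' ) ) {
        return;
    }
    $user = get_userdata( $user_id );
    if ( ! $user ) {
        return;
    }
    // Demote to the site's default role; this re-fires the hook with that
    // role, which the check at the top ignores.
    $default_role = get_option( 'default_role', 'subscriber' );
    $user->set_role( $default_role );

    // Record the event in the PHP error log, which the SIEM can collect.
    $remote = isset( $_SERVER['REMOTE_ADDR'] )
        ? sanitize_text_field( $_SERVER['REMOTE_ADDR'] ) : 'unknown';
    error_log( sprintf(
        'CVE-2025-13538 guard: blocked administrator role for user %d (%s) from %s; set to %s',
        $user_id, $user->user_login, $remote, $default_role
    ) );
}
```

This complements rather than replaces the vendor update: it only intercepts assignments that go through the standard WordPress role API, so confirm after deployment that creating a user as an administrator from the dashboard still works and that the log line appears for an anonymous registration carrying a role parameter.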
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin dashboard for FindAll Listing plugin version. If version is 1.0.5 or lower AND FindAll Membership plugin is active, the system is vulnerable.
Check Version:
WordPress Admin Dashboard → Plugins → FindAll Listing → View version
Verify Fix Applied:
After updating, verify the plugin version is above 1.0.5. Test user registration with a role parameter to confirm it is rejected.
📡 Detection & Monitoring
Log Indicators:
- User registration logs showing role=administrator parameter
- New administrator accounts created via registration form
- Failed registration attempts with role parameters
Network Indicators:
- HTTP POST requests to registration endpoints with role parameters
- Unusual registration traffic from single IPs
SIEM Query:
source="wordpress" AND ("register" OR "registration") AND ("role=administrator" OR "administrator")