CVE-2025-13539
📋 TL;DR
The FindAll Membership WordPress plugin has an authentication bypass vulnerability that allows unauthenticated attackers to log in as administrative users. Attackers need access to an admin's email address and can create a temporary user account through default functionality. All WordPress sites using this plugin up to version 1.0.4 are affected.
💻 Affected Systems
- FindAll Membership WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete site takeover with administrative privileges, allowing attackers to install backdoors, steal sensitive data, deface the site, or use it for further attacks.
Likely Case
Attackers gain administrative access to compromise the WordPress site, potentially leading to data theft, malware injection, or credential harvesting.
If Mitigated
Limited impact if proper network segmentation, monitoring, and least privilege principles are implemented, though the vulnerability still exists.
🎯 Exploit Status
The vulnerability is in authentication logic, making exploitation straightforward once the attack vector is understood.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version after 1.0.4 (check for updates)
Vendor Advisory: https://themeforest.net/item/findall-business-directory-theme/24415962
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find 'FindAll Membership' plugin. 4. Click 'Update Now' if available. 5. If no update is available, deactivate and remove the plugin immediately.
🔧 Temporary Workarounds
Disable Plugin
allDeactivate the FindAll Membership plugin to prevent exploitation
wp plugin deactivate findall-membership
Remove Plugin Files
linuxCompletely remove the plugin files from the WordPress installation
rm -rf /path/to/wordpress/wp-content/plugins/findall-membership/
🧯 If You Can't Patch
- Implement web application firewall (WAF) rules to block authentication bypass attempts
- Enable detailed logging for authentication events and monitor for suspicious login patterns
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → Installed Plugins for 'FindAll Membership' version 1.0.4 or earlierCheck Version:
wp plugin get findall-membership --field=versionVerify Fix Applied:
Verify plugin version is higher than 1.0.4 or confirm plugin is deactivated/removed📡 Detection & Monitoring
Log Indicators:
- Unusual authentication events, multiple failed login attempts followed by successful admin login from new IPs
- Login events from temporary user accounts gaining administrative privileges
Network Indicators:
- HTTP POST requests to authentication endpoints with unusual parameters
- Traffic patterns showing authentication bypass attempts
SIEM Query:
source="wordpress.log" AND ("findall_membership_check_facebook_user" OR "findall_membership_check_google_user") AND status="200"