CVE-2025-1671
📋 TL;DR
The Academist Membership WordPress plugin has an authentication bypass vulnerability that allows unauthenticated attackers to log in as any user, including administrators. This affects all versions up to 1.1.6. WordPress sites using this plugin are vulnerable until patched.
💻 Affected Systems
- Academist Membership WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete site takeover - attackers gain administrative access, can deface website, steal sensitive data, install backdoors, or delete the entire site.
Likely Case
Attackers gain administrative privileges, install malware, create backdoor accounts, and potentially compromise the entire WordPress installation and server.
If Mitigated
With proper network segmentation and monitoring, impact could be limited to the WordPress instance, but administrative access still provides significant control.
🎯 Exploit Status
The vulnerability is in a specific function that handles Facebook authentication, requiring minimal technical skill to exploit.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 1.1.7 or later
Vendor Advisory: https://themeforest.net/item/academist-a-modern-learning-management-system-and-education-theme/22376830
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins.
3. Find the Academist Membership plugin.
4. Click 'Update Now' if an update is available.
5. If no update is available, deactivate and delete the plugin immediately.
🔧 Temporary Workarounds
Disable Plugin
Deactivate the Academist Membership plugin to prevent exploitation
wp plugin deactivate academist-membership
Remove Plugin Files
Completely remove the plugin files from the WordPress installation
rm -rf /path/to/wordpress/wp-content/plugins/academist-membership/
🧯 If You Can't Patch
- Implement web application firewall (WAF) rules to block requests to the vulnerable academist_membership_check_facebook_user() function
- Restrict access to WordPress admin panel using IP whitelisting and implement multi-factor authentication for all users
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Academist Membership. If version is 1.1.6 or earlier, you are vulnerable.
Check Version:
wp plugin get academist-membership --field=version
Verify Fix Applied:
After update, verify plugin version is 1.1.7 or later in WordPress admin panel.
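As an added example (not part of this advisory or the plugin), the following Python check reads the Version: field from a plugin header comment and compares it numerically against the 1.1.7 fix version named above. A numeric comparison matters because a plain string comparison would rank a hypothetical "1.1.10" below "1.1.7" and report it as vulnerable. The sample header below is constructed; in practice you would feed it the text of the plugin's main PHP file, or the value printed by the wp-cli command above.

```python
"""Decide whether an installed Academist Membership version falls in the
affected range (1.1.6 or earlier, fixed in 1.1.7 per this advisory).
Added example, not the advisory's or the plugin's own code."""
import re

FIXED_VERSION = "1.1.7"   # first patched release named in the advisory


def parse_version(v: str) -> tuple:
    """Turn '1.1.6' into (1, 1, 6) so comparison is numeric, not lexical.
    Lexical comparison would wrongly rank '1.1.10' below '1.1.7'."""
    parts = re.findall(r"\d+", v)
    if not parts:
        raise ValueError(f"unparseable version: {v!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable(version: str) -> bool:
    """True when the installed version is older than the fixed release."""
    return parse_version(version) < parse_version(FIXED_VERSION)


def version_from_plugin_header(header_text: str) -> str:
    """Read the 'Version:' field of a WordPress plugin header comment."""
    m = re.search(r"^\s*\*?\s*Version:\s*([0-9][0-9.]*)", header_text, re.M)
    if not m:
        raise ValueError("no Version: field in plugin header")
    return m.group(1)


# Constructed sample of a plugin main-file header (not the real plugin file).
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: Academist Membership
 * Version: 1.1.6
 */
"""

if __name__ == "__main__":
    v = version_from_plugin_header(SAMPLE_HEADER)
    print(v, "vulnerable" if is_vulnerable(v) else "patched")
```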
📡 Detection & Monitoring
Log Indicators:
- Unusual authentication events, multiple failed login attempts followed by successful admin login from new IPs
- POST requests to /wp-admin/admin-ajax.php with action=academist_membership_check_facebook_user
Network Indicators:
- Unusual traffic patterns to WordPress admin endpoints from unexpected locations
- HTTP requests containing Facebook authentication parameters without proper validation
SIEM Query:
source="wordpress.log" AND ("academist_membership_check_facebook_user" OR "admin-ajax.php") AND (status=200 OR "logged_in")
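An added example, not taken from this advisory: a Python scanner that applies the log indicators above to combined-format web-server access log lines. It flags POST requests to /wp-admin/admin-ajax.php whose query string carries action=academist_membership_check_facebook_user, then looks for a later successful /wp-admin/ request from the same client IP inside a short window, which is the "bypass attempt followed by admin access" pattern described above. The log lines are constructed for the example. One caveat a defender should keep in mind: if the action parameter is sent in the POST body rather than the query string, a plain access log will not record it, so body-level matching needs WAF or application-level logs.

```python
"""Scan access logs for the indicator this advisory names and correlate it
with follow-on admin requests from the same IP.
Added example, not from the advisory; the log lines below are constructed."""
import re
from datetime import datetime, timedelta
from urllib.parse import parse_qs, urlsplit

SUSPECT_ACTION = "academist_membership_check_facebook_user"

# Apache/nginx "combined" format:
# ip - - [time] "METHOD path HTTP/x" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def parse_line(line: str):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec


def is_bypass_attempt(rec) -> bool:
    """True for a POST to admin-ajax.php whose query string carries the
    suspect action. If the action travels in the POST body instead, the
    access log will not show it; that case needs WAF or application logs."""
    if rec["method"] != "POST":
        return False
    parts = urlsplit(rec["path"])
    if not parts.path.endswith("/wp-admin/admin-ajax.php"):
        return False
    return SUSPECT_ACTION in parse_qs(parts.query).get("action", [])


def find_incidents(lines, window=timedelta(minutes=10)):
    """Return (ip, attempt_time, admin_time_or_None) for every bypass attempt,
    where admin_time is the first later 200 response to a /wp-admin/ page
    (other than admin-ajax.php) from the same IP within `window`."""
    records = [r for r in map(parse_line, lines) if r]
    incidents = []
    for i, rec in enumerate(records):
        if not is_bypass_attempt(rec):
            continue
        follow = None
        for later in records[i + 1:]:
            if (later["ip"] == rec["ip"] and later["status"] == 200
                    and later["path"].startswith("/wp-admin/")
                    and not later["path"].startswith("/wp-admin/admin-ajax.php")
                    and later["time"] - rec["time"] <= window):
                follow = later["time"]
                break
        incidents.append((rec["ip"], rec["time"], follow))
    return incidents


# Constructed sample log (not real traffic); IPs are documentation ranges.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Mar/2025:09:00:01 +0000] "GET /blog/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Mar/2025:09:00:07 +0000] "POST /wp-admin/admin-ajax.php?action=academist_membership_check_facebook_user HTTP/1.1" 200 312 "-" "curl/8.0"',
    '203.0.113.5 - - [10/Mar/2025:09:00:09 +0000] "GET /wp-admin/ HTTP/1.1" 200 14201 "-" "curl/8.0"',
    '198.51.100.9 - - [10/Mar/2025:09:01:00 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 60 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, t, follow in find_incidents(SAMPLE_LOG):
        print(f"{ip}: bypass attempt at {t:%H:%M:%S}, admin request after: {follow}")
```

The correlation step is what turns a noisy endpoint match into something worth paging on: a lone hit on the action name may be a scanner, but the same IP reaching a /wp-admin/ page with a 200 seconds later matches the advisory's "successful admin login from new IPs" indicator.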