CVE-2025-2563

8.1 HIGH

📋 TL;DR

The User Registration & Membership WordPress plugin before version 4.1.2 contains a privilege escalation vulnerability that allows unauthenticated users to set their account role to administrator when the Membership Addon is enabled. This affects all WordPress sites running vulnerable versions of this plugin with the Membership Addon active.

💻 Affected Systems

Products:
  • User Registration & Membership WordPress plugin
Versions: All versions before 4.1.2
Operating Systems: All operating systems running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires the Membership Addon to be enabled. The vulnerability is present in the default configuration when this addon is active.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete site takeover: attackers gain full administrative access and can install backdoors, steal data, deface the site, or use it to stage further attacks.

🟠 Likely Case

Attackers create administrator accounts to maintain persistent access, install malicious plugins/themes, or exfiltrate sensitive user data.

🟢 If Mitigated

If detected early, impact is limited to temporary unauthorized access that can be revoked through user cleanup and security hardening.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability is straightforward to exploit and has been publicly disclosed with technical details available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.1.2

Vendor Advisory: https://wpscan.com/vulnerability/2c0f62a1-9510-4f90-a297-17634e6c8b75/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find the 'User Registration & Membership' plugin.
4. Click 'Update Now' if an update is available.
5. If no update appears, manually download version 4.1.2 or later from WordPress.org and replace the plugin files.

🔧 Temporary Workarounds

Disable Membership Addon

Applies to: all

Temporarily disable the vulnerable Membership Addon component while awaiting the patch.

Disable User Registration

Applies to: all

Temporarily disable the user registration functionality.

🧯 If You Can't Patch

  • Remove the User Registration & Membership plugin entirely and use alternative registration solutions
  • Implement web application firewall rules to block user registration requests or role modification attempts

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > Installed Plugins for 'User Registration & Membership' version. If version is below 4.1.2 and Membership Addon is active, the site is vulnerable.

Check Version:

wp plugin list --name='user-registration' --field=version

Verify Fix Applied:

After updating, verify plugin version shows 4.1.2 or higher in WordPress admin panel and test user registration functionality.
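The version check above, as an added example that is not part of the advisory or of the plugin: a small POSIX shell script that compares an installed version against the fixed release 4.1.2 without relying on `sort -V`, and queries a live install through the same wp-cli command when `wp` is present. The plugin slug `user-registration` is taken from the advisory's command; whether the Membership Addon is active still has to be confirmed in the WordPress admin panel, since this script does not inspect addon state.

```shell
#!/bin/sh
# Added example, not part of the advisory or of the plugin: compare an
# installed User Registration & Membership version against the fixed release.
# Assumes the plugin slug 'user-registration' from the advisory's wp-cli line.
FIXED_VERSION="4.1.2"

# version_lt A B: succeed when dotted version A is strictly lower than B.
# Pure awk so it does not depend on 'sort -V' being available.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            ai = (i <= na) ? x[i] + 0 : 0    # missing components count as 0
            bi = (i <= nb) ? y[i] + 0 : 0
            if (ai < bi) exit 0
            if (ai > bi) exit 1
        }
        exit 1            # equal versions are not "lower"
    }'
}

# assess VERSION: print "vulnerable" when VERSION is below 4.1.2, else "patched".
assess() {
    if version_lt "$1" "$FIXED_VERSION"; then
        echo vulnerable
    else
        echo patched
    fi
}

# On a WordPress host with wp-cli installed, query the live install.
if command -v wp >/dev/null 2>&1; then
    installed="$(wp plugin list --name=user-registration --field=version 2>/dev/null || true)"
    if [ -n "$installed" ]; then
        echo "user-registration $installed: $(assess "$installed")"
    else
        echo "user-registration: not installed"
    fi
fi
```

Run it from the WordPress document root (or pass wp-cli's `--path` option inside the script) so that `wp` resolves the right installation; a result of `vulnerable` together with an active Membership Addon means the site needs the update or one of the workarounds above.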

📡 Detection & Monitoring

Log Indicators:

  • Unusual user registration events, especially with administrator role assignments
  • Multiple user creation attempts from single IP
  • User role changes in WordPress user logs

Network Indicators:

  • POST requests to user registration endpoints with role parameters
  • Unusual traffic to /wp-admin/user-new.php or registration endpoints

SIEM Query:

source="wordpress" AND (event="user_registered" OR event="set_user_role") AND role="administrator"
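The SIEM query above and the "multiple user creation attempts from a single IP" indicator, as an added example that is not from the advisory: an awk filter over constructed audit-log lines in a `key=value` layout. The log format, field names and IP addresses are assumptions made for the example; real WordPress audit-log plugins use their own field names, so the `kv[...]` keys would need to be mapped accordingly.

```shell
#!/bin/sh
# Added example, not from the advisory: the SIEM query expressed as an awk
# filter, run over constructed audit-log lines (assumed key=value format).
SAMPLE_LOG=$(cat <<'EOF'
2025-03-20T10:01:02Z source=wordpress event=user_registered user=alice role=subscriber ip=203.0.113.5
2025-03-20T10:01:09Z source=wordpress event=set_user_role user=alice role=administrator ip=203.0.113.5
2025-03-20T10:02:14Z source=wordpress event=user_registered user=bob role=subscriber ip=198.51.100.7
2025-03-20T10:02:20Z source=wordpress event=user_registered user=carol role=administrator ip=203.0.113.5
2025-03-20T10:03:00Z source=wordpress event=login user=admin role=administrator ip=192.0.2.9
2025-03-20T10:03:30Z source=nginx event=user_registered role=administrator ip=203.0.113.5
EOF
)

# Shared awk helper: parse the key=value fields of the current line into kv[].
KV_PARSER='function parse(kv,   i, p) {
    split("", kv)
    for (i = 1; i <= NF; i++) {
        p = index($i, "=")
        if (p > 0) kv[substr($i, 1, p - 1)] = substr($i, p + 1)
    }
}'

# admin_role_alerts: print lines matching source="wordpress" AND
# (event="user_registered" OR event="set_user_role") AND role="administrator".
admin_role_alerts() {
    awk "$KV_PARSER"'
    {
        parse(kv)
        if (kv["source"] == "wordpress" &&
            (kv["event"] == "user_registered" || kv["event"] == "set_user_role") &&
            kv["role"] == "administrator")
            print
    }'
}

# registrations_per_ip THRESHOLD: list source IPs with at least THRESHOLD
# registration events, covering the "multiple user creation attempts" indicator.
registrations_per_ip() {
    awk -v t="${1:-3}" "$KV_PARSER"'
    {
        parse(kv)
        if (kv["source"] == "wordpress" && kv["event"] == "user_registered") n[kv["ip"]]++
    }
    END { for (ip in n) if (n[ip] >= t) print ip, n[ip] }' | sort
}

echo "== role escalation events =="
printf '%s\n' "$SAMPLE_LOG" | admin_role_alerts
echo "== IPs with 2 or more registrations =="
printf '%s\n' "$SAMPLE_LOG" | registrations_per_ip 2
```

Two of the sample lines match the escalation filter (alice's role change and carol's registration as administrator); the `login` event and the `nginx`-sourced line are excluded by the `event` and `source` tests, which is why the filter checks all three fields rather than `role` alone. Pipe a real log export into the functions in place of `SAMPLE_LOG` to use them on live data.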
