CVE-2025-2594

8.1 HIGH

📋 TL;DR

This vulnerability in the User Registration & Membership WordPress plugin allows attackers to authenticate as any user, including administrators, by exploiting an AJAX action when the Membership Addon is enabled. All WordPress sites running vulnerable versions of this plugin with the Membership Addon active are affected.

💻 Affected Systems

Products:
  • User Registration & Membership WordPress plugin
Versions: All versions before 4.1.3
Operating Systems: All operating systems running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires Membership Addon to be enabled for vulnerability to be exploitable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete site takeover with administrative privileges, allowing data theft, defacement, malware injection, and lateral movement to other systems.

🟠

Likely Case

Administrative account compromise leading to unauthorized content changes, plugin/theme installation, and user data exposure.

🟢

If Mitigated

Limited impact if strong network controls, WAF rules, and monitoring prevent exploitation attempts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only the target user ID and knowledge of the vulnerable AJAX endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.1.3

Vendor Advisory: https://wpscan.com/vulnerability/1c1be47a-d5c0-4ac1-b9fd-475b382a7d8f/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find the 'User Registration & Membership' plugin.
4. Click 'Update Now' if an update is available.
5. Alternatively, download version 4.1.3+ from the WordPress repository and update manually.

🔧 Temporary Workarounds

Disable Membership Addon

Platform: all

Temporarily disable the Membership Addon component to prevent exploitation.

Restrict AJAX Access

Platform: linux

Use a web application firewall or .htaccess rules to restrict access to wp-admin/admin-ajax.php to trusted source IPs. Many themes and plugins call admin-ajax.php from the public front end, so an IP allow-list on this file can break legitimate functionality; test before deploying.

# Example .htaccess rule allowing admin-ajax.php only from specific IP ranges.
# Apache 2.2 syntax; on Apache 2.4 either enable mod_access_compat or replace
# the Order/Deny/Allow lines with: Require ip 192.168.1.0/24 10.0.0.0/8
<Files "admin-ajax.php">
    Order Deny,Allow
    Deny from all
    Allow from 192.168.1.0/24
    Allow from 10.0.0.0/8
</Files>

🧯 If You Can't Patch

  • Disable the User Registration & Membership plugin entirely until patched.
  • Implement strict network segmentation and monitor for authentication anomalies.

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > Installed Plugins for User Registration & Membership version. If version is below 4.1.3 and Membership Addon is active, the site is vulnerable.

Check Version:

wp plugin list --status=active --fields=name,title,version | grep -i 'user registration'

Verify Fix Applied:

Confirm plugin version is 4.1.3 or higher in WordPress admin panel and test authentication functionality.

📡 Detection & Monitoring

Log Indicators:

  • Unusual authentication attempts via admin-ajax.php
  • Multiple failed login attempts followed by successful login from same IP
  • User ID parameter manipulation in AJAX requests

Network Indicators:

  • POST requests to /wp-admin/admin-ajax.php with action parameter related to user registration/membership
  • Unusual spikes in admin-ajax.php traffic

SIEM Query:

source="wordpress.log" AND (uri_path="/wp-admin/admin-ajax.php" AND (http_method="POST" AND (param_action="*membership*" OR param_action="*user*")))
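As an added example (not part of this advisory or the plugin's code), the following Python applies the log indicators above to Apache access-log lines: it keeps POSTs to admin-ajax.php whose action parameter matches the same membership/user filter as the SIEM query, requires a user-ID-style parameter, and then reports source IPs that supplied more than one distinct user ID. The log lines, action names and parameter names are constructed placeholders; the real AJAX action name is not reproduced here.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed Apache combined-format lines (not real traffic). Action names and
# IDs are placeholders; the real vulnerable action name is not reproduced here.
SAMPLE_LOG = """\
203.0.113.10 - - [12/Mar/2025:10:01:02 +0000] "POST /wp-admin/admin-ajax.php?action=ur_membership_example&member_id=1 HTTP/1.1" 200 512 "-" "curl/8.0"
198.51.100.7 - - [12/Mar/2025:10:01:05 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 87 "-" "Mozilla/5.0"
203.0.113.10 - - [12/Mar/2025:10:01:09 +0000] "GET /wp-admin/admin-ajax.php?action=ur_membership_example&member_id=1 HTTP/1.1" 200 512 "-" "curl/8.0"
203.0.113.10 - - [12/Mar/2025:10:01:14 +0000] "POST /wp-admin/admin-ajax.php?action=ur_membership_example&member_id=7 HTTP/1.1" 200 510 "-" "curl/8.0"
192.0.2.44 - - [12/Mar/2025:10:02:30 +0000] "POST /wp-admin/admin-ajax.php?action=user_registration_example&user_id=3 HTTP/1.1" 200 498 "-" "python-requests/2.31"
192.0.2.44 - - [12/Mar/2025:10:02:31 +0000] "POST /wp-admin/admin-ajax.php?action=ur_membership_example HTTP/1.1" 400 60 "-" "python-requests/2.31"
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')
ACTION_RE = re.compile(r'membership|user', re.IGNORECASE)   # same filter as the SIEM query
USER_ID_KEYS = ("user_id", "member_id", "uid", "id")        # assumed parameter names

def parse_line(line):
    """Split one access-log line into ip, timestamp, method, path, status and query params."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    params = {k: v[0] for k, v in parse_qs(url.query).items()}
    return {"ip": m.group("ip"), "ts": m.group("ts"), "method": m.group("method"),
            "path": url.path, "status": int(m.group("status")), "params": params}

def suspicious_ajax_auth(log_text):
    """POSTs to admin-ajax.php whose action names membership/user and that carry a user-ID parameter."""
    hits = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if not ev or ev["method"] != "POST" or ev["path"] != "/wp-admin/admin-ajax.php":
            continue
        action = ev["params"].get("action", "")
        id_keys = [k for k in USER_ID_KEYS if k in ev["params"]]
        if ACTION_RE.search(action) and id_keys:
            hits.append({"ip": ev["ip"], "ts": ev["ts"], "action": action,
                         "target_user": ev["params"][id_keys[0]]})
    return hits

def ips_touching_multiple_users(hits):
    """Source IPs that supplied more than one distinct user ID: the ID-manipulation indicator."""
    seen = {}
    for h in hits:
        seen.setdefault(h["ip"], set()).add(h["target_user"])
    return sorted(ip for ip, users in seen.items() if len(users) > 1)
```

A standard access log only records query-string parameters, so parameters sent in a POST body are invisible to this check unless you feed it request-body logs from a WAF or ModSecurity audit log. Expect noise: admin-ajax.php carries a great deal of legitimate traffic, so tune the action filter to your installed plugins.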
