Security Advisory

CVE-2025-2563

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-04-14 06:00:09

Last updated 2025-08-27 12:00:20

Assigner WPScan

State PUBLISHED

Description

The User Registration & Membership WordPress plugin before 4.1.2 does not prevent users to set their account role when the Membership Addon is enabled, leading to a privilege escalation issue and allowing unauthenticated users to gain admin privileges

← Browse all CVEs View on cve.org ↗