Critical severity9.8NVD Advisory· Published Mar 1, 2025· Updated Apr 15, 2026
CVE-2025-1638
CVE-2025-1638
Description
The Alloggio Membership plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.2. This is due to the plugin not properly validating a user's identity through the alloggio_membership_init_rest_api_facebook_login and alloggio_membership_init_rest_api_google_login functions. This makes it possible for unauthenticated attackers to log in as any user, including administrators, without knowing a password.
Affected products
2<=1.0.2+ 1 more
- (no CPE)range: <=1.0.2
- (no CPE)range: <=1.0.2
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.