Critical severity9.8NVD Advisory· Published Mar 1, 2025· Updated Apr 15, 2026
CVE-2025-1671
CVE-2025-1671
Description
The Academist Membership plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.6. This is due to the academist_membership_check_facebook_user() function not properly verifying a user's identity prior to authenticating them. This makes it possible for unauthenticated attackers to log in as any user, including site administrators.
Affected products
2<=1.1.6+ 1 more
- (no CPE)range: <=1.1.6
- (no CPE)range: <=1.1.6
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.