VYPR
Unrated severityNVD Advisory· Published Apr 22, 2025· Updated Aug 27, 2025

User Registration & Membership < 4.1.3 - Authentication Bypass

CVE-2025-2594

Description

The User Registration & Membership WordPress plugin before 4.1.3 does not properly validate data in an AJAX action when the Membership Addon is enabled, allowing attackers to authenticate as any user, including administrators, by simply using the target account's user ID.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.