Unrated severityNVD Advisory· Published Apr 22, 2025· Updated Aug 27, 2025
User Registration & Membership < 4.1.3 - Authentication Bypass
CVE-2025-2594
Description
The User Registration & Membership WordPress plugin before 4.1.3 does not properly validate data in an AJAX action when the Membership Addon is enabled, allowing attackers to authenticate as any user, including administrators, by simply using the target account's user ID.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <4.1.3
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/1c1be47a-d5c0-4ac1-b9fd-475b382a7d8f/mitreexploitvdb-entrytechnical-description
News mentions
0No linked articles in our index yet.