CVE-2025-46535
Description
Missing Authorization vulnerability in AlphaEfficiencyTeam Custom Login and Registration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Custom Login and Registration: from n/a through 1.0.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Missing authorization in Custom Login and Registration WordPress plugin (≤1.0.0) allows unauthenticated attackers to exploit broken access controls, enabling privilege escalation or unauthorized actions.
Vulnerability Analysis
The Custom Login and Registration plugin for WordPress (versions up to and including 1.0.0) suffers from a Missing Authorization vulnerability, specifically categorized as broken access control. The plugin fails to properly verify user permissions or nonce tokens in certain functions, allowing unauthenticated or low-privilege users to execute actions intended for higher-privileged roles [1]. This is a common class of vulnerability in WordPress plugins where access control checks are omitted or incorrectly implemented.
Exploitation Scenario
An attacker can exploit this flaw by sending crafted HTTP requests to the vulnerable plugin endpoints without needing authentication. No special network position is required beyond being able to reach the WordPress site. The lack of proper authorization checks means that any visitor can trigger privileged operations, such as modifying settings or accessing user data, simply by knowing the appropriate URLs or parameters [1].
Impact
Successful exploitation leads to unauthorized privilege escalation or the ability to perform actions like modifying registration settings, viewing sensitive information, or potentially creating admin accounts. This vulnerability has been observed in mass-exploit campaigns targeting thousands of websites, emphasizing its real-world danger to site integrity and user data [1].
Mitigation
The vendor has released a fix; users should immediately update the Custom Login and Registration plugin to a patched version. If immediate updating is not possible, site administrators should restrict access to the plugin's pages until an update can be applied [1].
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
- Range: <=1.0.0
Patches: 0
No patches discovered yet.
References: 1
News mentions: 0
No linked articles in our index yet.