Binary MLM Plan WordPress Plugin Privilege Escalation Vulnerability
Vulnerability
A privilege escalation vulnerability has been identified in the Binary MLM Plan plugin for WordPress, affecting all versions through 3.0. The issue arises because the plugin automatically assigns the manage_bmp capability to users with the bmp_user role upon registration through the plugin's form. This flaw allows unauthenticated users to register and gain access to manage the plugin's settings.
Impact
Exploitation of this vulnerability allows unauthenticated users to gain elevated privileges, enabling them to manage the settings of the Binary MLM Plan plugin.
Remediation
There is no known patch available for this vulnerability. Users are advised to review the vulnerability details and consider uninstalling the affected plugin.
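To see which accounts already hold the manage_bmp capability before removing the plugin, the check below reads exported role data offline. It is an added example, not code from the advisory or the plugin: it assumes the default `wp_` table prefix (so the `wp_capabilities` usermeta key and the `wp_user_roles` option), and the sample rows are constructed. It covers both the case where manage_bmp is attached to the bmp_user role and the case where it is set on the user directly.

```python
CAP = "manage_bmp"  # capability named in the advisory

def php_unserialize(data, pos=0):
    """Parse the PHP serialize() subset used for roles/caps (s, b, i, a); ASCII assumed."""
    kind = data[pos]
    if kind in "bi":
        end = data.index(";", pos)
        num = int(data[pos + 2:end])
        return (bool(num) if kind == "b" else num), end + 1
    if kind not in "sa":
        raise ValueError(f"unsupported type {kind!r} at offset {pos}")
    colon = data.index(":", pos + 2)
    size = int(data[pos + 2:colon])
    if kind == "s":
        start = colon + 2                                   # skip :"
        return data[start:start + size], start + size + 2   # skip ";
    pos, out = colon + 2, {}                                # skip :{
    for _ in range(size):
        key, pos = php_unserialize(data, pos)
        out[key], pos = php_unserialize(data, pos)
    return out, pos + 1                                     # skip }

def accounts_with_cap(usermeta_rows, roles_option, cap=CAP):
    """Return {user_id: reason} for accounts holding `cap` directly or via a role."""
    roles, _ = php_unserialize(roles_option)
    granting = {r for r, d in roles.items() if d.get("capabilities", {}).get(cap)}
    hits = {}
    for user_id, meta_value in usermeta_rows:
        entries, _ = php_unserialize(meta_value)
        held = {k for k, v in entries.items() if v}
        if cap in held:
            hits[user_id] = "direct"
        elif held & granting:
            hits[user_id] = "via role " + ",".join(sorted(held & granting))
    return hits

# Constructed sample data: wp_user_roles option value and (user_id, wp_capabilities) rows.
ROLES_OPTION = (
    'a:2:{s:10:"subscriber";a:2:{s:4:"name";s:10:"Subscriber";'
    's:12:"capabilities";a:1:{s:4:"read";b:1;}}s:8:"bmp_user";a:2:{s:4:"name";'
    's:8:"BMP User";s:12:"capabilities";a:2:{s:4:"read";b:1;s:10:"manage_bmp";b:1;}}}'
)
USERMETA = [
    (7, 'a:1:{s:10:"subscriber";b:1;}'),
    (42, 'a:1:{s:8:"bmp_user";b:1;}'),
    (43, 'a:2:{s:10:"subscriber";b:1;s:10:"manage_bmp";b:1;}'),
]
if __name__ == "__main__":
    print(accounts_with_cap(USERMETA, ROLES_OPTION))
```

Any account it reports that an administrator did not create deliberately should be reviewed, along with plugin settings changed since that account registered.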
