Primary

Context

Mementor Core WordPress Plugin Privilege Escalation Vulnerability

Vulnerability

A privilege escalation vulnerability has been identified in the Mementor Core plugin for WordPress, affecting all versions through 2.2.5. The issue arises because the plugin does not properly manage the user switch back function. This flaw allows authenticated attackers with Subscriber-level access or higher to elevate their privileges by switching to an administrator account.

Impact

Exploitation of this vulnerability allows for unauthorized privilege escalation, enabling a user to gain administrative rights.

Reproduction

To reproduce this vulnerability, an authenticated user with Subscriber-level access must use the user switching feature to switch to an administrator account. Once switched, the user can perform actions with elevated privileges.

Remediation

No patch is currently available for this vulnerability. Users are advised to uninstall the affected plugin and seek a replacement.

Added: Nov 11, 2025, 5:12 AM

Updated: Nov 11, 2025, 5:12 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

6.3

remediation

0.0

relevance

0.9

threat

4.8

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

6.3

remediation

0.0

relevance

0.9

threat

4.8

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Mementor Core WordPress Plugin Privilege Escalation Vulnerability

Vulnerability

Impact

Reproduction

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating