Primary

Context

FS Registration Password WordPress Plugin Privilege Escalation Vulnerability via Account Takeover

Vulnerability

A privilege escalation vulnerability allowing account takeover has been identified in the FS Registration Password plugin for WordPress, affecting all versions through 1.0.1. The issue arises because the plugin fails to properly verify a user's identity before allowing password changes. This flaw enables unauthenticated attackers to alter passwords of any user, including administrators, thereby gaining unauthorized access to their accounts.

Impact

Exploitation of this vulnerability allows for unauthorized password changes, leading to account takeover. This includes gaining access to accounts with administrative privileges.

Remediation

Users are advised to update the FS Registration Password plugin to version 2.0.1 or a newer patched version.

Added: Jan 6, 2026, 5:17 AM

Updated: Jan 6, 2026, 5:17 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

8.1

remediation

7.7

relevance

1.9

threat

3.2

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

8.1

remediation

7.7

relevance

1.9

threat

3.2

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

FS Registration Password WordPress Plugin Privilege Escalation Vulnerability via Account Takeover

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating