SetSail Membership WordPress Plugin Authentication Bypass Vulnerability Allowing Account Takeover

Vulnerability

An authentication bypass vulnerability has been identified in the SetSail Membership plugin for WordPress, affecting all versions through 1.0.3. The vulnerability arises because the plugin fails to properly verify user identities during social login, enabling unauthenticated attackers to log in as any user, including administrators, and take over their accounts.

Impact

Exploitation of this vulnerability allows for unauthorized login as any user, with the potential to take over administrator accounts.

Remediation

Users are advised to update the SetSail Membership plugin to version 1.1 or a newer patched version.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 7.4
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.