User Registration & Membership WordPress Plugin Privilege Escalation Vulnerability

Vulnerability

A privilege escalation vulnerability has been identified in the User Registration & Membership WordPress plugin, affecting versions prior to 4.1.2. When the Membership Addon is enabled, the plugin allows users to arbitrarily set their account roles. This flaw enables unauthenticated users to gain administrative privileges on the site.

Impact

Exploitation of this vulnerability allows unauthenticated users to gain admin privileges on the WordPress site.

Remediation

Users can update to User Registration & Membership version 4.1.2 or later to address this vulnerability.
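
A triage check for the remediation above, as an added example that is not part of the original advisory or the plugin's code: it reads the JSON produced by `wp plugin list --format=json` and `wp user list --fields=ID,user_login,user_registered,roles --format=json`, flags an active install below 4.1.2, and lists administrator accounts registered since a cutoff date. The plugin slug `user-registration`, the cutoff date and the sample data are assumptions; the check does not determine whether the Membership Addon is enabled.

```python
import json
import re
from datetime import datetime

FIXED = (4, 1, 2)            # first fixed release, per the advisory
SLUG = "user-registration"   # assumed plugin slug; confirm on your install


def parse_version(text):
    """Turn '4.1.1' or '4.1.2-beta' into a comparable tuple of ints."""
    return tuple(int(n) for n in re.findall(r"\d+", text.split("-")[0]))


def plugin_is_vulnerable(plugin_list_json):
    """True if the plugin is active at a version below the fixed release."""
    for p in json.loads(plugin_list_json):
        # WP-CLI reports "active" or "active-network" for enabled plugins
        if p["name"] == SLUG and p["status"].startswith("active"):
            return parse_version(p["version"]) < FIXED
    return False


def admins_since(user_list_json, since):
    """Logins holding the administrator role, registered on/after `since`."""
    cutoff = datetime.strptime(since, "%Y-%m-%d")
    hits = []
    for u in json.loads(user_list_json):
        # WP-CLI prints multiple roles as a comma-separated string
        roles = [r.strip() for r in u["roles"].split(",")]
        registered = datetime.strptime(u["user_registered"], "%Y-%m-%d %H:%M:%S")
        if "administrator" in roles and registered >= cutoff:
            hits.append(u["user_login"])
    return hits


# Constructed sample WP-CLI output (not taken from a real site)
PLUGINS = '[{"name": "user-registration", "status": "active", "version": "4.1.1"}]'
USERS = json.dumps([
    {"ID": 1, "user_login": "siteowner",
     "user_registered": "2021-03-02 10:15:00", "roles": "administrator"},
    {"ID": 57, "user_login": "member57",
     "user_registered": "2025-05-30 08:00:12", "roles": "subscriber"},
    {"ID": 58, "user_login": "newadmin",
     "user_registered": "2025-06-01 23:41:07", "roles": "administrator"},
])

if __name__ == "__main__":
    print("vulnerable version active:", plugin_is_vulnerable(PLUGINS))
    # Cutoff is operator-chosen: the earliest date the site ran a version < 4.1.2
    print("administrators to review:", admins_since(USERS, "2025-01-01"))
```

Every account the second function returns should be matched against a known, approved administrator before and after updating.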

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 5.2
impact: 5.0
exploitability: 9.7
remediation: 7.7
relevance: 0.0
threat: 8.2
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.