CVE-2025-2563

HIGH

Exploit for CVE-2025-2563

Details

CVSS v3: 8.1
NVD published: 2025-04-14 06:15:16
EPSS: 83.9% probability · 99.3th percentile — 2026-04-17
Affected versions: cpe:2.3:a:wpeverest:user_registration_\&_membership:*:*:*:*:free:wordpress:*:* cpe:2.3:a:wpeverest:user_registration_\&_membership:*:*:*:*:pro:wordpress:*:*
Summary: The User Registration & Membership WordPress plugin before 4.1.2 does not prevent users to set their account role when the Membership Addon is enabled, leading to a privilege escalation issue and allowing unauthenticated users to gain admin privileges
Remediation: Not available in our cache.
Exploit info: https://wpscan.com/vulnerability/2c0f62a1-9510-4f90-a297-17634e6c8b75/

TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.

Subscribe — free email digest or paid plan

Information is aggregated from multiple authoritative sources for convenience; verify with NVD and vendors before operational decisions.