CVE-2025-11168 · HIGH 8.8 · EPSS p19.2%

Description

The Mementor Core plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.2.5. This is due to the plugin not properly handling the user switch back function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges by accessing an administrator account through the switch back functionality.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.28% probability of exploitation · percentile 19.2% · 2026-06-18T12:00:27Z
Published: 2025-11-11
Last modified: 2026-04-15

Underlying weaknesses · 1

CWE-269

References

  1. http://plugins.trac.wordpress.org/browser/mementor-core/trunk/inc/functions.php#L1033
  2. https://wordpress.org/plugins/mementor-core/
  3. https://www.wordfence.com/threat-intel/vulnerabilities/id/2460e7c4-76dc-4bc3-bc06-b52df64f5353?source=cve

Type: Weakness
Target: Improper Privilege Management (cwe-269)
Confidence: 0%
Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-13618
  2. CVE-2025-3101
  3. CVE-2025-1295
  4. CVE-2025-14866
  5. CVE-2026-6456
  6. CVE-2025-69292

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.