CVE-2025-2594 · HIGH 8.1 · EPSS p93.4%

Description

The User Registration & Membership WordPress plugin before 4.1.3 does not properly validate data in an AJAX action when the Membership Addon is enabled, allowing attackers to authenticate as any user, including administrators, by simply using the target account's user ID.

Scoring

CVSS 3.1: 8.1 (HIGH)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 7.11% probability of exploitation · percentile 93.4% · 2026-06-18T12:00:27Z
Published: 2025-04-22
Last modified: 2025-09-30

References

  1. https://wpscan.com/vulnerability/1c1be47a-d5c0-4ac1-b9fd-475b382a7d8f/

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-2563
  2. CVE-2026-1492
  3. CVE-2026-1779
  4. CVE-2025-14996
  5. CVE-2025-69292
  6. CVE-2026-1994

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.