Vulnerabilities | Apr 14, 2026

CVE-2025-2563: User Registration & Membership WordPress plugin before 4.1.2 allows unauthenticated privilege escalation

Summary

CVE-2025-2563 affects the User Registration & Membership WordPress plugin versions before 4.1.2, where the Membership Addon fails to properly restrict account role assignment. This vulnerability allows unauthenticated users to set their own account role to administrator, resulting in unauthorized admin access. The issue is a critical privilege escalation flaw requiring immediate patching.

Indicators of Compromise

  • cve — CVE-2025-2563

Entities

  • User Registration & Membership (product)
  • WordPress (technology)