module
WP User Registration and Membership Unauthenticated Privilege Escalation (CVE-2025-2563)
| Disclosed |
|---|
| Mar 24, 2025 |
Disclosed
Mar 24, 2025
Description
Exploits CVE-2025-2563 in the WordPress User Registration & Membership plugin.
1) Registers a free-membership user via AJAX.
2) Elevates that user to administrator via the membership AJAX action.
3) Logs in, uploads & executes a PHP payload.
1) Registers a free-membership user via AJAX.
2) Elevates that user to administrator via the membership AJAX action.
3) Logs in, uploads & executes a PHP payload.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.