CVE-2025-2563
HIGHDescription
The User Registration & Membership WordPress plugin before 4.1.2 does not prevent users to set their account role when the Membership Addon is enabled, leading to a privilege escalation issue and allowing unauthenticated users to gain admin privileges
Is your site exposed to CVE-2025-2563?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Affected Products
| Vendor | Product |
|---|---|
| wpeverest | user_registration_\&_membership |
| wpeverest | user_registration_\&_membership |
References
Frequently Asked Questions
What is CVE-2025-2563? +
How severe is CVE-2025-2563? +
What products are affected by CVE-2025-2563? +
How do I check if I'm vulnerable to CVE-2025-2563? +
Related Vulnerabilities
Deserialization of Untrusted Data vulnerability in wpeverest Everest Forms - Frontend Listing everest-forms-frontend-listing allows Object Injection.This issue affects Everest Forms …
The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable …
The Everest Forms – Contact Forms, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable …
The User Registration & Membership WordPress plugin before 4.1.3 does not properly validate data in an AJAX action when the …
The Everest Forms (Pro) plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in …
Deserialization of Untrusted Data vulnerability in WPEverest User Registration.This issue affects User Registration: from n/a through 2.3.2.1.