CVE-2025-2563

HIGH EXPLOITED NUCLEI

User Registration & Membership <= 4.1.1 - Unauthenticated Privilege Escalation

Title source: nuclei
STIX 2.1

Exploitation Summary

CVE-2025-2563 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 5 public exploits from researchers including dokter69, Nxploited, 0axz-tools, including a Metasploit module exploits/multi/http/wp_user_registration_membership_escalation. A Nuclei detection template is also available.

AI-analyzed exploit summary This repository contains a functional Python exploit for CVE-2025-2563, targeting a WordPress membership plugin vulnerability. The exploit automates user registration, email bypass, and admin privilege escalation through crafted HTTP requests and nonce extraction.

Description

The User Registration & Membership WordPress plugin before 4.1.2 does not prevent users to set their account role when the Membership Addon is enabled, leading to a privilege escalation issue and allowing unauthenticated users to gain admin privileges

Exploits (5)

nomisec WORKING POC
by dokter69 · remote
https://github.com/dokter69/CVE-2025-2563

This repository contains a functional Python exploit for CVE-2025-2563, targeting a WordPress membership plugin vulnerability. The exploit automates user registration, email bypass, and admin privilege escalation through crafted HTTP requests and nonce extraction.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: WordPress Membership Plugin (unspecified version)
No auth needed
Prerequisites: WordPress site with vulnerable membership plugin · network access to target
devstral-2 · analyzed Apr 20, 2026 Full analysis →
nomisec WORKING POC
by Nxploited · remote
https://github.com/Nxploited/CVE-2025-2563

The repository contains a functional Python exploit for CVE-2025-2563, targeting a WordPress membership plugin vulnerability. The script automates user registration and privilege escalation by extracting nonces and form data from the target site.

Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: WordPress Membership Plugin (unspecified version)
No auth needed
Prerequisites: Target URL · Access to registration page
devstral-2 · analyzed Apr 18, 2026 Full analysis →
nomisec WRITEUP
by ubaydev · remote
https://github.com/ubaydev/CVE-2025-2563

This repository provides a detailed writeup and proof-of-concept for CVE-2025-2563, an unauthenticated privilege escalation vulnerability in the User Registration & Membership WordPress plugin. The exploit allows attackers to create administrator accounts under specific conditions.

Classification
Writeup 100%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: User Registration & Membership WordPress plugin <= 4.1.1
No auth needed
Prerequisites: Membership add-on activated · No user confirmation required
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
by wesley (wcraft), Valentin Lobstein · rubypocphp
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/wp_user_registration_membership_escalation.rb

This Metasploit module exploits CVE-2025-2563 in the WordPress User Registration & Membership plugin, allowing unauthenticated privilege escalation to administrator by registering a user, elevating privileges via AJAX, and uploading/executing a PHP payload.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: WordPress User Registration & Membership plugin versions < 4.1.2 (free) and < 5.1.2 (pro)
No auth needed
Prerequisites: Target running vulnerable WordPress plugin · Access to WordPress AJAX endpoints
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

User Registration & Membership <= 4.1.1 - Unauthenticated Privilege Escalation
CRITICALVERIFIEDby iamnoooob,rootxharsh,pdresearch
FOFA: body="/wp-content/plugins/user-registration"

References (1)

Core 1
Core References
Exploit, Third Party Advisory exploit vdb-entry technical-description
https://wpscan.com/vulnerability/2c0f62a1-9510-4f90-a297-17634e6c8b75/

Scores

CVSS v3 8.1
EPSS 0.8768
EPSS Percentile 99.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

VulnCheck KEV 2025-03-25
Status published
Products (2)
wpeverest/user_registration_\&_membership < 4.1.2
wpeverest/user_registration_\&_membership < 5.1.2
Published Apr 14, 2025
Tracked Since Feb 18, 2026