CVE-2025-2594

HIGH

WordPress Plugin <4.1.3 - Auth Bypass

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2025-2594. PoCs published by Mohammed Idrees Banyamer, ubaydev.

AI-analyzed exploit summary This exploit bypasses authentication in WordPress User Registration & Membership Plugin by manipulating the 'user_registration_membership_confirm_payment' action with a crafted payload. It requires a valid nonce and member ID to achieve unauthorized access.

Description

The User Registration & Membership WordPress plugin before 4.1.3 does not properly validate data in an AJAX action when the Membership Addon is enabled, allowing attackers to authenticate as any user, including administrators, by simply using the target account's user ID.

Exploits (2)

exploitdb WORKING POC

by Mohammed Idrees Banyamer · pythonwebappsmultiple

https://www.exploit-db.com/exploits/52302

View Code ZIP pw:eip

This exploit bypasses authentication in WordPress User Registration & Membership Plugin by manipulating the 'user_registration_membership_confirm_payment' action with a crafted payload. It requires a valid nonce and member ID to achieve unauthorized access.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Moderate

Reliability

Reliable

Target: WordPress User Registration & Membership Plugin <= 4.1.2

No auth needed

Prerequisites: valid nonce value · target member ID · access to the registration page

MITRE ATT&CK

T1550.003 - Pass the Ticket

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WRITEUP

by ubaydev · poc

https://github.com/ubaydev/CVE-2025-2594

View Code ZIP pw:eip

This repository provides a detailed writeup and PoC for CVE-2025-2594, an authentication bypass vulnerability in the User Registration & Membership WordPress plugin (versions <= 4.1.2). The exploit leverages incorrect authentication in the 'confirm_payment()' function to log in as any existing user, including administrators, by manipulating the 'member_id' parameter.

Classification

Writeup 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: User Registration & Membership WordPress plugin <= 4.1.2

No auth needed

Prerequisites: Membership add-on must be activated · Valid _confirm_payment_nonce from the registration page

MITRE ATT&CK

T1550 - Use Alternate Authentication Material

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory exploit vdb-entry technical-description

https://wpscan.com/vulnerability/1c1be47a-d5c0-4ac1-b9fd-475b382a7d8f/

Scores

CVSS v3 8.1

EPSS 0.0711

EPSS Percentile 93.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

Status published

Products (2)

wpeverest/user_registration_\&_membership < 4.1.3

wpeverest/user_registration_\&_membership < 5.1.3

Published Apr 22, 2025

Tracked Since Feb 18, 2026