CVE-2025-3292 — Authorization Bypass Through User-Controlled Key in User Registration Membership

CWE-639 — Authorization Bypass Through User-Controlled Key3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.1%

top 66.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wpeverest User Registration Membership

Timeline

PublishedApr 12

Description

The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.3 via the user_registration_update_profile_details() due to missing validation on the 'user_id' user controlled key. This makes it possible for unauthenticated attackers to update other user's passwords, if they have access to the user ID and email.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages1 packages

▶NVDwpeverest/user_registration_membership< 4.1.3

Patches

Patch: plugins.trac.wordpress.org ↗

🔴Vulnerability Details

CVEList

User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.1.3 - Insecure Direct Object Reference to Authenticated (Subscriber+) User Password Update↗2025-04-12

▶

GHSA

GHSA-hc93-f59p-5vw6: The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Obje↗2025-04-12

▶