Dripadmin Crm Memberships vulnerabilities
2 known vulnerabilities affecting dripadmin/crm_memberships.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, MEDIUM 1
Vulnerabilities
CVE-2025-13313 [CRITICAL] CWE-862, P2, CVSS 9.8, ≤ 2.6, 2025-12-05
The CRM Memberships plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 2.6. This is due to missing authorization and authentication checks on the `ntzcrm_changepassword` AJAX action. This makes it possible for unauthenticated attackers to reset arbitrary user passwords and gain unaut
nvd
CVE-2025-13312 [MEDIUM] CWE-862, P4, CVSS 5.3, ≤ 2.5, 2025-12-05
The CRM Memberships plugin for WordPress is vulnerable to unauthorized membership tag creation due to a missing capability check on the 'ntzcrm_add_new_tag' function in all versions up to, and including, 2.5. This makes it possible for unauthenticated attackers to create arbitrary membership tags and modify CRM configuration that should be restricte
nvd