cbcvebase.

Jayarsiech Jay Login Register vulnerabilities

3 known vulnerabilities affecting jayarsiech/jay_login_register.

Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH1

Vulnerabilities

Page 1 of 1
CVE-2025-15027P2CRITICALCVSS 9.8≤ 2.6.032026-02-08
CVE-2025-15027 [CRITICAL] CWE-269 CVE-2025-15027: The JAY Login & Register plugin for WordPress is vulnerable to Privilege Escalation in all versions The JAY Login & Register plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.6.03. This is due to the plugin allowing a user to update arbitrary user meta through the 'jay_login_register_ajax_create_final_user' function. This makes it possible for unauthenticated attackers to elevate their privileges t
nvd
CVE-2025-14440P2CRITICALCVSS 9.8≤ 2.4.012025-12-13
CVE-2025-14440 [CRITICAL] CWE-565 CVE-2025-14440: The JAY Login & Register plugin for WordPress is vulnerable to authentication bypass in versions up The JAY Login & Register plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.4.01. This is due to incorrect authentication checking in the 'jay_login_register_process_switch_back' function with the 'jay_login_register_process_switch_back' cookie value. This makes it possible for unauthenticated attackers
nvd
CVE-2025-15100P2HIGHCVSS 8.8≤ 2.6.032026-02-08
CVE-2025-15100 [HIGH] CWE-269 CVE-2025-15100: The JAY Login & Register plugin for WordPress is vulnerable to Privilege Escalation in all versions The JAY Login & Register plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.6.03. This is due to the plugin allowing a user to update arbitrary user meta through the 'jay_panel_ajax_update_profile' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to ele
nvd
Jayarsiech Jay Login Register vulnerabilities | cvebase