Unauthenticated privesc for WP User Registration & Membership plugin (CVE-2025-2563) - Note

Unauthenticated privesc for WP User Registration & Membership plugin (CVE-2025-2563)

The User Registration & Membership WordPress plugin before 4.1.2 does not prevent users to set their account role when the Membership Addon is enabled, leading to a privilege escalation issue and allowing unauthenticated users to gain admin privileges. Unauthenticated privesc for WP User Registration & Membership plugin (CVE-2025-2563)

Notes