Notes


Metasploit module for CVE-2025-2563

→ in reply to @note#1746859212

This change adds a new module, exploit/multi/http/wp_user_registration_membership_escalation.rb, which targets CVE-2025-2563 in the WordPress User Registration & Membership plugin (Free < 4.1.2, Pro < 5.1.2). When the Membership Addon is enabled, the plugin fails to enforce role restrictions on its unauthenticated AJAX endpoint, allowing anyone to register a new account and assign it the administrator role.

Add Unauthenticated privesc for WP User Registration & Membership plugin (CVE-2025-2563)