9.8

CVE-2025-4334

EPSS 28.08%
Veröffentlicht 26.06.2025 02:15:21
Zuletzt bearbeitet 09.07.2025 17:53:13
Quelle security@wordfence.com
CVE-Watchlists
Login
Unerledigt
Login

Simple User Registration <= 6.3 - Unauthenticated Privilege Escalation

The Simple User Registration plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.3. This is due to insufficient restrictions on user meta values that can be supplied during registration. This makes it possible for unauthenticated attackers to register as an administrator.

Mögliche Gegenmaßnahme

Simple User Registration: Update to version 6.4, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Simple User Registration

Version *-6.3

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Najeebmedia ≫ Simple User Registration SwPlatformwordpress Version <= 6.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	28.08%	0.964

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security@wordfence.com	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

https://plugins.trac.wordpress.org/browser/wp-registration/trunk/inc/classes/class.register.php#L135

Product

https://www.wordfence.com/threat-intel/vulnerabilities/id/c211e0c0-3086-43d2-853c-489f9c42b0ab?source=cve

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/c211e0c0-3086-43d2-853c-489f9c42b0ab

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-4334

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-4334

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-4334

EUVD