Is CVE-2025-2594 actively exploited?

CVE-2025-2594 has no public evidence of in-the-wild exploitation as of 2025-09-30.

What is the CVSS score for CVE-2025-2594?

CVE-2025-2594 has a CVSS score of 8.1 (HIGH severity). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H.

How do I patch CVE-2025-2594?

Patch guidance is available from wpeverest security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2025-2594.

Fix CVE-2025-2594 - HIGH | CVEDatabase.com

Q: Which products are affected by CVE-2025-2594?

2 products: wpeverest user registration \& membership, wpeverest user registration \& membership.

Description

The User Registration & Membership WordPress plugin before 4.1.3 does not properly validate data in an AJAX action when the Membership Addon is enabled, allowing attackers to authenticate as any user, including administrators, by simply using the target account's user ID.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: network
Complexity: high
Privileges: none
User Action: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
Weaknesses: NVD-CWE-noinfo

Metadata

Primary Vendor: WPEVEREST
Published: 4/22/2025
Last Modified: 9/30/2025
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

wpeverest : user_registration_\&_membershipwpeverest : user_registration_\&_membership

Remediation Guidance

Executive Summary

View on NIST NVD