What is CVE-2025-2563?

CVE-2025-2563 is a vulnerability in User Registration & Membership, classified under CWE-639 AUTHORIZATION BYPASS THROUGH USER-CONTROLLED KEY. Published 2025-04-14.

Is CVE-2025-2563 known to be exploited?

12 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in User Registration & Membership

CVE-2025-2563

The User Registration & Membership WordPress plugin before 4.1.2 does not prevent users to set their account role when the Membership Addon is enabled, leading to a privilege escalation issue and allowing unauthenticated users to gain adm…

EPSS: 0.881 (99.5th percentile) — read the EPSS interpretation.

Affected products

Unknown User Registration & Membership — versions 0

Public proof-of-concept exploits

dokter69/CVE-2025-2563
Nxploited/CVE-2025-2563
0axz-tools/CVE-2025-2563-POC
ubaydev/CVE-2025-2563
rapid7/metasploit-framework
Lern0n/Lernon-POC
eeeeeeeeee-code/POC
laoa1573/wy876
ARPSyndicate/cve-scores
oLy0/Vulnerability

References

wpscan.com/vulnerability/2c0f62a1-9510-4f90-a297-17634e6c8b75/ (exploit, vdb-entry, technical-description)

Frequently asked questions

What is CVE-2025-2563?: CVE-2025-2563 is a vulnerability in User Registration & Membership, classified under CWE-639 AUTHORIZATION BYPASS THROUGH USER-CONTROLLED KEY. Published 2025-04-14.
Is CVE-2025-2563 known to be exploited?: 12 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.