User Registration & Membership – Custom Registration Form, Login Form, and User Profile < 4.1.4 – Insecure Direct Object Reference to Unauthenticated Membership Modification | CVE 2025-3282 | Plugin Vulnerabilities

Description

The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.3 via the user_registration_membership_register_member() due to missing validation on the 'membership_id' user controlled key. This makes it possible for unauthenticated attackers to update any user's membership to any other active or non-active membership type.

Affects Plugins

user-registration

Fixed in 4.1.4

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/c525b41c-dca5-442a-927e-4583cb303ed1

Classification

Type

IDOR

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

wesley (wcraft)

Verified

No

WPVDB ID

d6a70824-0d58-4ba6-a9d3-7ddad943afaa

Timeline

Publicly Published

2025-04-11 (about 11 months ago)

Added

2025-04-11 (about 11 months ago)

Last Updated

2025-04-12 (about 11 months ago)

Other

Published

Title

Published

2022-11-16

Title

Directorist < 7.4.2.2 - Subscriber+ Arbitrary User Password Update via IDOR

Published

2025-01-09

Title

One to one user Chat by WPGuppy < 1.1.1 - Authorization Bypass

Published

2021-10-11

Title

Squaretype Modern Blog < 3.0.4 - Unauthenticated Private/Schedule Posts Disclosure

Published

2024-04-24

Title

SP Project & Document Manager <= 4.71 - Data Update via IDOR

Published

2025-12-15

Title

FAPI Member <= 2.2.29 - Unauthenticated Insecure Direct Object Reference