AI description
CVE-2025-13618 describes a privilege escalation vulnerability found in the WordPress Mentoring plugin, affecting all versions up to and including 1.2.8. The flaw originates from an improper restriction of user roles within the `mentoring_process_registration()` function. This vulnerability allows unauthenticated attackers to register new user accounts with administrator-level privileges. By exploiting this weakness, an attacker can gain full control over the affected WordPress site.
- Description: The Mentoring plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.2.8. This is due to the plugin not properly restricting the roles that users can register with in the `mentoring_process_registration()` function. This makes it possible for unauthenticated attackers to register with administrator-level user accounts.
- Source: security@wordfence.com
- NVD status: Deferred
CVSS 3.1
- Type: Primary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
- security@wordfence.com: CWE-269
- Hype score: Not currently trending
CVE-2025-13618 Privilege Escalation in WordPress Mentoring Plugin Versions Up to 1.2.8 https://t.co/EkTSNDR8bs
@VulmonFeeds
5 May 2026
New CVE Alert: CVE-2025-13618 Severity: 9.8 Risk Level: Critical Affects: WordPress Reference: https://t.co/ys4xelbnLi #CVE-2025-13618 #CVE #Critical #Wordpress #CyberSecurity #InfoSec https://t.co/l2QPQqdmgL
@CVEarity
5 May 2026
CVE-2025-13618 - CVSS 9.8/10 The Mentoring plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.2.8.... Severity: CRITICAL Patch now. #cybersecurity #CVE https://t.co/KOrs8gyGhF
@OrizonCyber
5 May 2026