- Description
- The UrbanGo Membership plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.0.4. This is due to the plugin allowing users who are registering new accounts to set their own role or by supplying 'user_register_role' field. This makes it possible for unauthenticated attackers to gain elevated privileges by creating an account with the administrator role.
- Source
- security@wordfence.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- security@wordfence.com
- CWE-269
- Hype score
- Not currently trending
[CVE-2025-3278: CRITICAL] Vulnerability alert: UrbanGo Membership plugin for WordPress (up to v1.0.4) prone to privilege escalation. Attackers can gain admin rights via role manipulation during account creation.#cve,CVE-2025-3278,#cybersecurity https://t.co/mIhNDMj0Vg https://t.c
@CveFindCom
22 Apr 2025
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
๐จ CVE-2025-3278 โ ๏ธ๐ด CRITICAL (9.8) ๐ข Edge-Themes - UrbanGo Membership ๐๏ธ * ๐ https://t.co/Jl7K8GJ8dD ๐ https://t.co/VL81gwdnmF #CyberCron #VulnAlert #InfoSec https://t.co/ImBXQNEJl4
@cybercronai
20 Apr 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
๏ฟฝ๏ฟฝ CVE-2025-3278 - WordPress - HIGH ๐จ ๐๏ธ Date published 2025-04-19 03:15:13 UTC #WordPress #CyberSecurity #InfoSec #Vulnerability #TechNews https://t.co/O2aTmCYwjk
@vulns_space
19 Apr 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes