Black & White Path

Apr 15, 2026 · Information Security

CVE-2025-2563: How Pre‑4.1.2 WordPress Registration Plugins Enable Privilege Escalation

CVE-2025-2563 affects WordPress installations prior to version 4.1.2 where user registration and membership plugins, when the membership add‑on is enabled, fail to block role assignment, allowing unauthenticated users to elevate themselves to administrator privileges.