CVE-2025-1564

Name of the Vulnerable Software and Affected Versions SetSail Membership plugin for WordPress versions up to, and including, 1.0.3

Description The issue arises from the plugin's failure to properly verify a user's identity through social login, allowing unauthenticated attackers to log in as any user, including administrators, and take over access to their account.

Recommendations For versions up to, and including, 1.0.3, update to a version higher than 1.0.3 to resolve the issue. As a temporary workaround, consider disabling the social login feature until a patch is available. Restrict access to sensitive areas of the WordPress dashboard to minimize the risk of exploitation.