PT-2025-17351 · WordPress · Urbango Membership

Alyudin Nafiie · Published 2025-04-19 · Updated 2025-04-22 · CVE-2025-3278

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

UrbanGo Membership plugin for WordPress versions up to, and including, 1.0.4

Description

The issue is a privilege escalation: the plugin allows users who are registering new accounts to set their own role by supplying the user register role field. This makes it possible for unauthenticated attackers to gain elevated privileges by creating an account with the administrator role.

Recommendations

For versions up to, and including, 1.0.4, consider disabling the user registration feature or restricting the user register role field until a patch is available, so that unauthenticated attackers cannot gain elevated privileges.
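
One way to apply the recommended restriction as a stopgap, shown as an added example that is not code from the advisory or from the plugin: a must-use plugin that hooks WordPress's `set_user_role` and `add_user_role` actions and forces the site's default role unless the request comes from a user with the `promote_users` capability. The `rrg_` function names are assumptions made for this example.

```php
<?php
/**
 * Plugin Name: Registration role guard (added example)
 *
 * Stopgap for CVE-2025-3278: a request that does not come from a user allowed
 * to promote users can never leave an account with a role other than the
 * site's default role. Place in wp-content/mu-plugins/.
 */

// Hypothetical helper name; not part of WordPress or UrbanGo Membership.
function rrg_request_may_assign_roles() {
    // The installer and WP-CLI run without a logged-in user but are trusted.
    if ( wp_installing() || ( defined( 'WP_CLI' ) && WP_CLI ) ) {
        return true;
    }
    return is_user_logged_in() && current_user_can( 'promote_users' );
}

// Hypothetical handler name; receives the user ID and the role just assigned.
function rrg_enforce_default_role( $user_id, $role ) {
    $default = get_option( 'default_role', 'subscriber' );
    if ( $role === $default || rrg_request_may_assign_roles() ) {
        return;
    }
    $user = get_userdata( $user_id );
    if ( ! $user ) {
        return;
    }
    // Record the attempt for later review; the role string is request-controlled.
    error_log( sprintf(
        'role guard: blocked role "%s" for user %d from %s',
        sanitize_key( $role ),
        $user_id,
        $_SERVER['REMOTE_ADDR'] ?? 'unknown'
    ) );
    // set_role() fires set_user_role again with the default role,
    // which takes the early return above, so this does not loop.
    $user->set_role( $default );
}

// Both actions fire after the role is stored, including inside wp_insert_user().
add_action( 'set_user_role', 'rrg_enforce_default_role', 10, 2 );
add_action( 'add_user_role', 'rrg_enforce_default_role', 10, 2 );
```

Sites where other plugins legitimately assign a non-default role during unauthenticated signup need that role added to the early-return condition.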

Fix

LPE

Weakness Enumeration

Improper Privilege Management

Related Identifiers

CVE-2025-3278

Affected Products

Urbango Membership