PT-2025-48228 · WordPress · Findall Membership
István Márton · Published 2025-11-27 · Updated 2025-12-02 · CVE-2025-13539
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
FindAll Membership plugin for WordPress versions up to and including 1.0.4
Description
The FindAll Membership plugin for WordPress is susceptible to an Authentication Bypass issue. The plugin does not properly log in a user after verifying data through the findall_membership_check_facebook_user and findall_membership_check_google_user functions. This allows unauthenticated attackers to log in as administrative users if they have an existing account on the site and access to the administrative user's email.
Recommendations
Update the FindAll Membership plugin to a version later than 1.0.4.
Fix
Authentication Bypass Using an Alternate Path or Channel
Weakness Enumeration
Related Identifiers
Affected Products
Findall Membership