PT-2025-49192 · WordPress · Wordpress Crm Memberships

Athiwat Tiprasaharn · Published 2025-12-05 · Updated 2025-12-10 · CVE-2025-13313

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: WordPress CRM Memberships plugin versions up to and including 2.5

Description: The CRM Memberships plugin for WordPress is susceptible to privilege escalation through a password reset function. The issue stems from a lack of authentication and authorization checks on the ntzcrm changepassword AJAX action. This allows unauthenticated attackers to reset the password of any user and gain access to that account, provided they know the user's email address. The plugin also exposes the ntzcrm get users endpoint without authentication, which lets attackers enumerate subscriber email addresses and so supplies the input the password reset issue requires. The vulnerable API endpoints are /ntzcrm changepassword, used for password resets, and /ntzcrm get users, which returns user information.

Recommendations: Versions prior to and including 2.5 should be updated. As a temporary workaround, consider disabling the ntzcrm changepassword AJAX action until a patch is available. Restrict access to the ntzcrm get users endpoint to minimize the risk of email address enumeration.
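For reference, the checks an AJAX password-change handler and a user-listing handler need in order to avoid this class of defect, as an added example that is not the plugin's code: hook names, nonce actions and request field names are assumptions, and the WordPress functions used are the standard ones.

```php
<?php
// Added example (not the plugin's own code). Hook names, nonce actions and
// POST field names are assumptions; the WordPress API calls are standard.

// Registered only on 'wp_ajax_' (logged-in users). Deliberately NOT registered
// on 'wp_ajax_nopriv_', so anonymous requests reach no handler at all.
add_action( 'wp_ajax_example_changepassword', 'example_changepassword' );

function example_changepassword() {
    // 1. CSRF: the request must carry a nonce issued to the logged-in user.
    check_ajax_referer( 'example_changepassword_nonce', 'nonce' );

    // 2. Authentication: the caller must be a logged-in user (wp_send_json_error
    //    ends the request, so nothing below runs when a check fails).
    if ( ! is_user_logged_in() ) {
        wp_send_json_error( 'not logged in', 401 );
    }

    $target_id = isset( $_POST['user_id'] ) ? absint( $_POST['user_id'] ) : 0;
    $password  = isset( $_POST['password'] ) ? (string) wp_unslash( $_POST['password'] ) : '';

    // 3. Authorization: the target is identified by user ID, never by a
    //    caller-supplied email address, and the change is allowed only for the
    //    caller's own account or for a user the caller may edit (administrators).
    if ( $target_id !== get_current_user_id() && ! current_user_can( 'edit_user', $target_id ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    if ( ! get_userdata( $target_id ) ) {
        wp_send_json_error( 'unknown user', 404 );
    }
    if ( strlen( $password ) < 12 ) {
        wp_send_json_error( 'password too short', 400 );
    }

    wp_set_password( $password, $target_id );
    wp_send_json_success( 'password updated' );
}

// The user-listing endpoint gets the same treatment: logged-in only, a nonce,
// a capability check, and no email addresses in the response.
add_action( 'wp_ajax_example_get_users', 'example_get_users' );

function example_get_users() {
    check_ajax_referer( 'example_get_users_nonce', 'nonce' );
    if ( ! current_user_can( 'list_users' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    $users = get_users( array( 'fields' => array( 'ID', 'display_name' ) ) );
    wp_send_json_success( $users );
}
```

With the handlers registered only under the `wp_ajax_` prefix, a request to admin-ajax.php from an unauthenticated client for these actions receives WordPress's default "0" response instead of reaching the handler.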

Fix

LPE

Missing Authorization


Weakness Enumeration

Related Identifiers: CVE-2025-13313

Affected Products: Wordpress Crm Memberships