PT-2025-51072 · WordPress · Jay Login & Register
Kenneth Dunn · Published 2025-12-13 · Updated 2025-12-18 · CVE-2025-14440
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
JAY Login & Register plugin for WordPress versions prior to 2.4.01
Description
The JAY Login & Register plugin for WordPress has an authentication flaw. The `jay_login_register_process_switch_back` function performs an incorrect authentication check on the value of the `jay_login_register_process_switch_back` cookie, which allows attackers to bypass authentication. An unauthenticated attacker can log in as any existing user, including administrators, if they have access to the user ID.
Recommendations
Update the JAY Login & Register plugin to a version later than 2.4.01.
Affected Products
Jay Login & Register