PT-2026-1415 · WordPress · Fs Registration Password
Drew Webber · Published 2026-01-06 · Updated 2026-01-09 · CVE-2025-15001
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
FS Registration Password plugin for WordPress versions prior to 1.0.2
Description
The FS Registration Password plugin for WordPress is susceptible to privilege escalation, allowing account takeover. This occurs because the plugin does not correctly verify a user’s identity before allowing password updates. This flaw enables unauthenticated attackers to modify passwords for any user, including administrators, and subsequently gain unauthorized access to accounts.
Recommendations
Update the FS Registration Password plugin to version 1.0.2 or later.
Fix
LPE
IDOR
Affected Products
Fs Registration Password