CVE-2025-13618

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

The Mentoring plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.2.8. This is due to the plugin not properly restricting the roles that users can register with in the mentoring process registration() function. This makes it possible for unauthenticated attackers to register with administrator-level user accounts.

Fix

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269

Related Identifiers

CVE-2025-13618

Affected Products

Mentoring

CVE-2025-13618

Weakness Enumeration

Related Identifiers

Affected Products

References · 4