PT-2026-6941 · WordPress · Jay Login & Register
Andrea Bocchetti
·
Published
2026-02-08
·
Updated
2026-02-13
·
CVE-2025-15027
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
JAY Login & Register plugin for WordPress versions prior to 2.6.04
Description
The JAY Login & Register plugin for WordPress is susceptible to a privilege escalation issue. The plugin allows updating arbitrary user meta through the
jay login register ajax create final user function, potentially enabling unauthenticated attackers to gain administrator privileges.Recommendations
Update the JAY Login & Register plugin to version 2.6.04 or later.
Fix
LPE
Improper Privilege Management
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Jay Login & Register