PT-2026-6942 · WordPress · Jay Login & Register
Sarawut Poolkhet
·
Published
2026-02-08
·
Updated
2026-02-13
·
CVE-2025-15100
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
JAY Login & Register plugin for WordPress versions prior to 2.6.04
Description
The JAY Login & Register plugin for WordPress is susceptible to a privilege escalation issue. The plugin permits a user to modify arbitrary user meta data via the
jay panel ajax update profile function. This allows authenticated attackers with Subscriber-level access or higher to gain administrator privileges.Recommendations
Update the JAY Login & Register plugin to version 2.6.04 or later.
Fix
LPE
Improper Privilege Management
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Jay Login & Register