- Description
- The WPCOM Member plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.7.5. This is due to insufficient verification on the 'user_phone' parameter when logging in. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if SMS login is enabled.
- Source
- security@wordfence.com
- NVD status
- Received
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- security@wordfence.com
- CWE-287
- Hype score
- Not currently trending
CVE-2025-1475 CRITICAL (9.8) whyun - WPCOM Member * https://t.co/5ovgvpIdbu https://t.co/6csIANFO61 https://t.co/91TaYs5UmI #CyberCron #VulnAlert #InfoSec https://t.co/Jug0tNckwE
@cybercronai
7 Mar 2025
CVE-2025-1475 Authentication Bypass in WPCOM Member Plugin for WordPress via User Phone Parameter https://t.co/n5x9etr5xH
@VulmonFeeds
7 Mar 2025
CVE-2025-1475 - WordPress - CRITICAL - Date published 2025-03-07 07:15:23 UTC #WordPress #CyberSecurity #InfoSec #Vulnerability #TechNews https://t.co/anHeQ0R5cn
@vulns_space
7 Mar 2025
CVE-2025-1475 The WPCOM Member plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.7.5. This is due to insufficient verification on th… https://t.co/neMjkrbnJp
@CVEnew
7 Mar 2025
[CVE-2025-1475: CRITICAL] WordPress WPCOM Member plugin up to version 1.7.5 is at risk of an authentication bypass due to inadequate verification on the 'user_phone' parameter, allowing unauthorized access to any ...#cybersecurity,#vulnerability https://t.co/mj1KS5etlp https://t.
@CveFindCom
7 Mar 2025