CVE-2025-1638

Published Mar 1, 2025

Last updated a month ago

CVSS critical 9.8

Overview

Description
The Alloggio Membership plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.2. This is due to the plugin not properly validating a user's identity through the alloggio_membership_init_rest_api_facebook_login and alloggio_membership_init_rest_api_google_login functions. This makes it possible for unauthenticated attackers to log in as any user, including administrators, without knowing a password.
Source
security@wordfence.com
NVD status
Received

Risk scores

CVSS 3.1

Type
Primary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

security@wordfence.com
CWE-288

Social media

Hype score
Not currently trending

  1. �� CVE-2025-1638 - WordPress - CRITICAL 🚨 🗓️ Date published 2025-03-01 08:15:34 UTC #WordPress #CyberSecurity #InfoSec #Vulnerability #TechNews https://t.co/W7j41wASrL

    @vulns_space

    7 Mar 2025

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨 CVE-2025-1638 ⚠️🔴 CRITICAL (9.8) 🏢 Edge-Themes - Alloggio Membership 🏗️ * 🔗 https://t.co/xMBkhUR2Ox 🔗 https://t.co/UwUEpzJxx0 #CyberCron #VulnAlert #InfoSec https://t.co/fReE5htRvb

    @cybercronai

    2 Mar 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2025-1638 The Alloggio Membership plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.2. This is due to the plugin not properly … https://t.co/kXn3GO5S9u

    @CVEnew

    1 Mar 2025

    94 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. [CVE-2025-1638: CRITICAL] Critical vulnerability in Alloggio Membership plugin for WordPress up to v1.0.2 allows unauthenticated attackers to bypass authentication and log in as any user, including admins. Update ...#cybersecurity,#vulnerability https://t.co/4dQ8ig8O99 https://t.

    @CveFindCom

    1 Mar 2025

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. �� CVE-2025-1638 - WordPress - HIGH 🚨 🗓️ Date published 2025-03-01 08:15:34 UTC #WordPress #CyberSecurity #InfoSec #Vulnerability #TechNews https://t.co/UWznPQJnWQ

    @vulns_space

    1 Mar 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References