{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-3281", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-04-04T15:15:57.202Z", "datePublished": "2025-05-06T07:24:21.668Z", "dateUpdated": "2025-05-06T13:25:25.517Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-05-06T07:24:21.668Z"}, "affected": [{"vendor": "wpeverest", "product": "User Registration & Membership \u2013 Custom Registration Form, Login Form, and User Profile", "versions": [{"version": "*", "status": "affected", "lessThanOrEqual": "4.2.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The User Registration & Membership \u2013 Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.1 via the create_stripe_subscription() function, due to missing validation on the 'member_id' user controlled key. This makes it possible for unauthenticated attackers to delete arbitrary user accounts that have registered through the plugin."}], "title": "User Registration & Membership \u2013 Custom Registration Form, Login Form, and User Profile <= 4.2.1 - Insecure Direct Object Reference to Unauthenticated Limited User Deletion", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/30339ff6-b6bf-4c56-b6cd-db0b8a6ce8b6?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/user-registration/tags/4.1.3/modules/membership/includes/AJAX.php#L619"}, {"url": "https://plugins.trac.wordpress.org/changeset/3287698/user-registration/trunk/modules/membership/includes/AJAX.php"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-639 Authorization Bypass Through User-Controlled Key", "cweId": "CWE-639", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "wesley"}], "timeline": [{"time": "2025-05-05T00:00:00.000+00:00", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-06T13:25:12.947564Z", "id": "CVE-2025-3281", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-06T13:25:25.517Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-3281", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-06T13:25:12.947564Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-06T13:25:20.792Z"}}], "cna": {"title": "User Registration & Membership \u2013 Custom Registration Form, Login Form, and User Profile <= 4.2.1 - Insecure Direct Object Reference to Unauthenticated Limited User Deletion", "credits": [{"lang": "en", "type": "finder", "value": "wesley"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "wpeverest", "product": "User Registration & Membership \u2013 Custom Registration Form, Login Form, and User Profile", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "4.2.1"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-05-05T00:00:00.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/30339ff6-b6bf-4c56-b6cd-db0b8a6ce8b6?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/user-registration/tags/4.1.3/modules/membership/includes/AJAX.php#L619"}, {"url": "https://plugins.trac.wordpress.org/changeset/3287698/user-registration/trunk/modules/membership/includes/AJAX.php"}], "descriptions": [{"lang": "en", "value": "The User Registration & Membership \u2013 Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.1 via the create_stripe_subscription() function, due to missing validation on the 'member_id' user controlled key. This makes it possible for unauthenticated attackers to delete arbitrary user accounts that have registered through the plugin."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-639", "description": "CWE-639 Authorization Bypass Through User-Controlled Key"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-05-06T07:24:21.668Z"}}}, "cveMetadata": {"cveId": "CVE-2025-3281", "state": "PUBLISHED", "dateUpdated": "2025-05-06T13:25:25.517Z", "dateReserved": "2025-04-04T15:15:57.202Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-05-06T07:24:21.668Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The User Registration & Membership \u2013 Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.1 via the create_stripe_subscription() function, due to missing validation on the 'member_id' user controlled key. This makes it possible for unauthenticated attackers to delete arbitrary user accounts that have registered through the plugin."}, {"lang": "es", "value": "El complemento User Registration &amp; Membership \u2013 Custom Registration Form, Login Form, and User Profile para WordPress es vulnerable a una Referencia Directa a Objetos Insegura en todas las versiones hasta la 4.2.1 incluida, a trav\u00e9s de la funci\u00f3n create_stripe_subscription(), debido a la falta de validaci\u00f3n en la clave controlada por el usuario \"member_id\". Esto permite a atacantes no autenticados eliminar cuentas de usuario arbitrarias registradas a trav\u00e9s del complemento."}], "id": "CVE-2025-3281", "lastModified": "2025-05-07T14:13:20.483", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Primary"}]}, "published": "2025-05-06T08:15:16.707", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/user-registration/tags/4.1.3/modules/membership/includes/AJAX.php#L619"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3287698/user-registration/trunk/modules/membership/includes/AJAX.php"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/30339ff6-b6bf-4c56-b6cd-db0b8a6ce8b6?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "security@wordfence.com", "type": "Primary"}]}

{}