Platform: wordpress
Component: mementor-core
Fixed in: 2.2.6
CVE-2025-11168 is a privilege escalation vulnerability in the Mementor Core WordPress plugin. An authenticated attacker with Subscriber-level access or higher can use it to obtain administrator privileges, which is effectively a full compromise of the site. Versions 0.0.0 through 2.2.5 are affected; the fix ships in version 2.2.6.
Successful exploitation lets an authenticated low-privilege user bypass the plugin's access controls and act as an administrator. From there the attacker has full control of the site: editing content, installing malicious plugins or themes, creating additional privileged accounts for persistence, and reading sensitive data stored in the WordPress database. A compromised administrator account therefore means full site takeover and a likely data breach. The lesson for plugin authors is that any code path which changes the current user identity must verify authorization on the server side on every request, rather than trusting what the request claims.
CVE-2025-11168 was publicly disclosed on 2025-11-11. At the time of writing there are no known public exploits or active campaigns, and the vulnerability is not listed in the CISA KEV catalog. The bar is low, however: the attacker needs nothing more than an authenticated Subscriber account, which on sites with open registration (Settings > General, "Anyone can register") any visitor can create, so exploitation should be expected once technical details circulate.
Exploit Status
EPSS: 0.07% (22nd percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-11168 is to upgrade Mementor Core to version 2.2.6 or later without delay. If an immediate upgrade is not feasible because of compatibility concerns, restrict access to the plugin's user switch back functionality (disable it, or limit it to trusted roles, to the extent your deployment allows); this narrows the attack surface but is not a substitute for the patch. Meanwhile, audit the site for signs of abuse: Subscriber accounts that now hold the administrator role, administrator accounts you did not create, and web-server log entries showing low-privilege sessions reaching administrative endpoints. A Web Application Firewall with rules covering the user switch back endpoint can add a layer of blocking and alerting, with the caveat that a WAF sees requests, not WordPress roles, so it cannot fully replace the fix.
Updating Mementor Core to version 2.2.6 or later corrects the improper handling of the user switch back function and stops Subscriber-level users from obtaining administrator sessions through it.
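The secure pattern such a fix has to enforce, shown here as an added illustration rather than code from Mementor Core (the page does not show the plugin's code, and this example does not describe its actual defect): a switch back handler must derive the "original user" from server-side state bound to the current browser session, never from a user id supplied in the request, and must refuse any session that never performed a switch. The hook names, function names, capability and session keys (example_*, 'switch_origin', 'switch_expires', edit_users) are assumptions made for this example.

```php
<?php
// Added illustration of a hardened "switch to user / switch back" flow for a
// WordPress plugin. NOT Mementor Core's code; names and keys are assumptions.

// admin_post_* hooks only fire for logged-in users, so anonymous requests never reach these.
add_action( 'admin_post_example_switch_to', 'example_handle_switch_to' );
add_action( 'admin_post_example_switch_back', 'example_handle_switch_back' );

/**
 * Start a switch: a privileged user takes on another user's identity.
 * The origin user id is written into the NEW session's server-side record,
 * so it is bound to this browser session and never travels to the client.
 */
function example_handle_switch_to(): void {
    check_admin_referer( 'example_switch_to' );          // CSRF nonce check; dies on failure.

    if ( ! current_user_can( 'edit_users' ) ) {           // Capability assumed for the example.
        wp_die( 'You are not allowed to switch users.', 403 );
    }

    $target_id = isset( $_GET['user_id'] ) ? absint( $_GET['user_id'] ) : 0;
    if ( ! $target_id || ! get_userdata( $target_id ) ) {
        wp_die( 'Unknown target user.', 400 );
    }

    $origin_id = get_current_user_id();

    // Create the target's session ourselves so metadata can be attached to it.
    $manager = WP_Session_Tokens::get_instance( $target_id );
    $token   = $manager->create( time() + 2 * DAY_IN_SECONDS );
    $session = $manager->get( $token );
    $session['switch_origin']  = $origin_id;
    $session['switch_expires'] = time() + HOUR_IN_SECONDS; // Switch-back window; an assumption.
    $manager->update( $token, $session );

    wp_set_current_user( $target_id );
    wp_set_auth_cookie( $target_id, false, '', $token );
    wp_safe_redirect( admin_url() );
    exit;
}

/**
 * Return to the original user. Authorization comes only from the session
 * record written above: a user who logged in normally (for example a
 * Subscriber) has no switch_origin in their session and is refused, whatever
 * user id they put in the request.
 */
function example_handle_switch_back(): void {
    check_admin_referer( 'example_switch_back' );

    $current_id = get_current_user_id();
    $token      = wp_get_session_token();
    $manager    = WP_Session_Tokens::get_instance( $current_id );
    $session    = $token ? $manager->get( $token ) : null;

    $origin_id = (int) ( $session['switch_origin'] ?? 0 );
    $expires   = (int) ( $session['switch_expires'] ?? 0 );

    // No recorded switch, or an expired one: refuse.
    if ( ! $session || $origin_id <= 0 || $expires < time() ) {
        wp_die( 'No active user switch for this session.', 403 );
    }

    // The origin must still exist and still hold the privilege that allowed the switch,
    // so a user demoted mid-switch cannot get their old role back this way.
    $origin = get_userdata( $origin_id );
    if ( ! $origin || ! user_can( $origin, 'edit_users' ) ) {
        wp_die( 'The original user is no longer eligible.', 403 );
    }

    // Destroy the switched session before changing identity so the record cannot be replayed.
    $manager->destroy( $token );

    wp_set_current_user( $origin_id );
    wp_set_auth_cookie( $origin_id, false );              // Fresh session for the origin user.
    wp_safe_redirect( admin_url( 'users.php' ) );
    exit;
}
```

Both handlers are reached through admin-post.php with a nonce link such as wp_nonce_url( admin_url( 'admin-post.php?action=example_switch_to&user_id=123' ), 'example_switch_to' ). The design choice worth noting is where the origin is stored: attaching it to the WordPress session token (WP_Session_Tokens) rather than to user meta means that someone who logs in to the same target account independently holds a different token with no switch record, so they cannot ride the switch back into the administrator's identity.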
CVE-2025-11168 is a high-severity vulnerability in the Mementor Core WordPress plugin allowing authenticated subscribers to escalate privileges to administrator accounts due to improper user switch back handling.
You are affected if you are using Mementor Core versions 0.0.0 through 2.2.5. Upgrade to 2.2.6 to resolve the issue.
Upgrade the Mementor Core plugin to version 2.2.6 or later. If immediate upgrade is not possible, restrict access to the user switch back functionality.
As of this writing there are no confirmed reports of active exploitation, but the low bar (an authenticated Subscriber account) warrants prompt patching.
Refer to the plugin developer's website or WordPress plugin repository for the official advisory and release notes for version 2.2.6.