What is CVE-2025-13540 — Privilege Escalation in Tiare Membership?

CVE-2025-13540 is a critical vulnerability in the Tiare Membership WordPress plugin allowing unauthenticated attackers to gain administrator access by exploiting a flaw in user registration.

Am I affected by CVE-2025-13540 in Tiare Membership?

If you are using Tiare Membership plugin versions 1.0.0 through 1.2, you are vulnerable. Upgrade to version 1.3 or later to mitigate the risk.

How do I fix CVE-2025-13540 in Tiare Membership?

The recommended fix is to upgrade the Tiare Membership plugin to version 1.3 or later. If immediate upgrade is not possible, restrict user registration to trusted administrators.

Is CVE-2025-13540 being actively exploited?

While no public exploits are currently known, the vulnerability's ease of exploitation suggests a potential for active exploitation. Monitor your systems closely.

Where can I find the official Tiare Membership advisory for CVE-2025-13540?

Refer to the official Tiare Membership plugin documentation and WordPress plugin repository for the latest advisory and update information.

CVE-2025-13540 — Vulnerability Details

NEXTGUARD

Escanear grátis

CVE-2025-13540 — Vulnerability Details | NextGuard

Passos de Detecçãotraduzindo…

• wordpress / plugin: Use wp-cli to check the plugin version:

wp plugin list | grep tiare-membership

• wordpress / plugin: Search plugin files for the vulnerable function tiaremembershipinitrestapi_register using grep:

grep -r 'tiare_membership_init_rest_api_register' /path/to/wp-content/plugins/tiare-membership/

• wordpress / logs: Monitor WordPress access logs for POST requests to /wp-json/tiare-membership/v1/register with suspicious parameters, particularly those attempting to set the role to 'administrator'. • generic web: Check for unusual user registration patterns via curl:

curl -X POST -d 'username=test&[email protected]&role=administrator' http://your-wordpress-site.com/wp-json/tiare-membership/v1/register

Tiare Membership <= 1.2 - Escalada de Privilégios Não Autenticada

Impacto e Cenários de Ataque

Contexto de Exploração

Quem Está em Riscotraduzindo…

Passos de Detecçãotraduzindo…

Linha do Tempo do Ataque

Inteligência de Ameaças

Software Afetado

Classificação de Fraqueza (CWE)

Linha do tempo

Mitigação e Soluções Alternativas

Como corrigir

Boletim de Segurança CVE

Perguntas frequentestraduzindo…

What is CVE-2025-13540 — Privilege Escalation in Tiare Membership?

Am I affected by CVE-2025-13540 in Tiare Membership?

How do I fix CVE-2025-13540 in Tiare Membership?

Is CVE-2025-13540 being actively exploited?

Where can I find the official Tiare Membership advisory for CVE-2025-13540?

Seu projeto está afetado?

Detecte esta CVE no seu projeto