{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-13540", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-11-22T06:08:44.380Z", "datePublished": "2025-11-27T04:36:45.313Z", "dateUpdated": "2026-04-08T16:59:18.911Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:59:18.911Z"}, "affected": [{"vendor": "Qode Interactive", "product": "Tiare Membership", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Tiare Membership plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2. This is due to the 'tiare_membership_init_rest_api_register' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'administrator' role during registration and gain administrator access to the site."}], "title": "Tiare Membership <= 1.2 - Unauthenticated Privilege Escalation", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6cf01a38-1fba-4c93-b3fa-acfdd5b19410?source=cve"}, {"url": "https://themeforest.net/item/tiare-wedding-vendor-directory-theme/26589165?s_rank=1"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-269 Improper Privilege Management", "cweId": "CWE-269", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}], "credits": [{"lang": "en", "type": "finder", "value": "Ismail Syaleh"}], "timeline": [{"time": "2025-11-26T16:25:27.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-11-28T14:42:05.226624Z", "id": "CVE-2025-13540", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-28T19:33:00.873Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-13540", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-11-28T14:42:05.226624Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-28T14:42:06.127Z"}}], "cna": {"title": "Tiare Membership <= 1.2 - Unauthenticated Privilege Escalation", "credits": [{"lang": "en", "type": "finder", "value": "Ismail Syaleh"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "Qode Interactive", "product": "Tiare Membership", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.2"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-11-26T16:25:27.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6cf01a38-1fba-4c93-b3fa-acfdd5b19410?source=cve"}, {"url": "https://themeforest.net/item/tiare-wedding-vendor-directory-theme/26589165?s_rank=1"}], "descriptions": [{"lang": "en", "value": "The Tiare Membership plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2. This is due to the 'tiare_membership_init_rest_api_register' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'administrator' role during registration and gain administrator access to the site."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:59:18.911Z"}}}, "cveMetadata": {"cveId": "CVE-2025-13540", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:59:18.911Z", "dateReserved": "2025-11-22T06:08:44.380Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-11-27T04:36:45.313Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Tiare Membership plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2. This is due to the 'tiare_membership_init_rest_api_register' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'administrator' role during registration and gain administrator access to the site."}], "id": "CVE-2025-13540", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-11-27T05:16:14.293", "references": [{"source": "security@wordfence.com", "url": "https://themeforest.net/item/tiare-wedding-vendor-directory-theme/26589165?s_rank=1"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6cf01a38-1fba-4c93-b3fa-acfdd5b19410?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T17:55:44.421173+00:00", "value": {"mitigation_remediation": ["Update the Tiare Membership plugin to a patched version newer than 1.2 or remove the plugin if an update is not available", "If a newer version cannot be installed, disable the public registration API \u2013 for example by adding a filter that blocks any role assignment other than default or by turning off the REST endpoint entirely", "After applying the fix, audit the existing user database to ensure that no unintended administrator accounts were created from unauthenticated registrations"], "summary": {"action": "Immediate Patch", "impact": "Privilege Escalation to Administrator"}, "threat_synthesis": {"affected_systems": "The bug affects all releases of the Tiare Membership plugin up to and including version 1.2, distributed by Qode Interactive. The impacted systems are WordPress installations that have the vulnerable plugin installed and active, regardless of site size or owner.", "description_and_impact": "The Tiare Membership plugin for WordPress contains a flaw that allows an unauthenticated user to assign the administrator role during the registration process. The vulnerability arises from the \u2018tiare_membership_init_rest_api_register\u2019 function failing to restrict which user roles may be registered. As a result, an attacker can obtain full administrative control of the WordPress site, compromising confidentiality, integrity, and availability of all site data and functions.", "risk_and_exploitability": "The CVSS score of 9.8 reflects a severe vulnerability that can be exploited remotely with no authentication. The EPSS score of less than 1% indicates that while exploitation is technically possible, it is unlikely to be widely seen in the wild; nevertheless the potential impact is catastrophic. The vulnerability is not listed in the CISA KEV catalog, but the risk remains high because unauthenticated attackers can elevate to administrator without any additional privileges. The likely attack vector is a simple POST request to the registration endpoint, supplied with a payload that sets the role field to administrator."}}}}, "created": "2025-11-27T16:26:36.690280+00:00", "updated": "2026-04-21T18:00:11.736020+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}