{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-15027", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-12-22T12:25:27.079Z", "datePublished": "2026-02-08T01:22:56.026Z", "dateUpdated": "2026-04-08T17:15:55.558Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:15:55.558Z"}, "affected": [{"vendor": "jayarsiech", "product": "JAY Login & Register", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.6.03", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The JAY Login & Register plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.6.03. This is due to the plugin allowing a user to update arbitrary user meta through the 'jay_login_register_ajax_create_final_user' function. This makes it possible for unauthenticated attackers to elevate their privileges to that of an administrator."}], "title": "JAY Login & Register <= 2.6.03 - Unauthenticated Privilege Escalation via jay_login_register_ajax_create_final_user", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b08198a6-10e8-44ca-a1c5-8d987d85c469?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/jay-login-register/tags/2.5.01/includes/jay-login-register-ajax-handler.php#L788"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-269 Improper Privilege Management", "cweId": "CWE-269", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}], "credits": [{"lang": "en", "type": "finder", "value": "andrea bocchetti"}], "timeline": [{"time": "2026-02-07T12:43:54.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-09T15:19:05.887217Z", "id": "CVE-2025-15027", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-09T15:19:36.804Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-15027", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-09T15:19:05.887217Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-09T15:19:28.227Z"}}], "cna": {"title": "JAY Login & Register <= 2.6.03 - Unauthenticated Privilege Escalation via jay_login_register_ajax_create_final_user", "credits": [{"lang": "en", "type": "finder", "value": "andrea bocchetti"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "jayarsiech", "product": "JAY Login & Register", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "2.6.03"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2026-02-07T12:43:54.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b08198a6-10e8-44ca-a1c5-8d987d85c469?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/jay-login-register/tags/2.5.01/includes/jay-login-register-ajax-handler.php#L788"}], "descriptions": [{"lang": "en", "value": "The JAY Login & Register plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.6.03. This is due to the plugin allowing a user to update arbitrary user meta through the 'jay_login_register_ajax_create_final_user' function. This makes it possible for unauthenticated attackers to elevate their privileges to that of an administrator."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:15:55.558Z"}}}, "cveMetadata": {"cveId": "CVE-2025-15027", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:15:55.558Z", "dateReserved": "2025-12-22T12:25:27.079Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2026-02-08T01:22:56.026Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The JAY Login & Register plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.6.03. This is due to the plugin allowing a user to update arbitrary user meta through the 'jay_login_register_ajax_create_final_user' function. This makes it possible for unauthenticated attackers to elevate their privileges to that of an administrator."}, {"lang": "es", "value": "El plugin JAY Login &amp; Register para WordPress es vulnerable a la escalada de privilegios en todas las versiones hasta la 2.6.03, inclusive. Esto se debe a que el plugin permite a un usuario actualizar metadatos de usuario arbitrarios a trav\u00e9s de la funci\u00f3n 'jay_login_register_ajax_create_final_user'. Esto hace posible que atacantes no autenticados eleven sus privilegios al de un administrador."}], "id": "CVE-2025-15027", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2026-02-08T02:15:56.507", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/jay-login-register/tags/2.5.01/includes/jay-login-register-ajax-handler.php#L788"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b08198a6-10e8-44ca-a1c5-8d987d85c469?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T20:56:32.680790+00:00", "value": {"mitigation_remediation": ["Update the JAY Login & Register plugin to the latest release that removes the unauthenticated privilege escalation flaw.", "Modify or remove the 'jay_login_register_ajax_create_final_user' AJAX endpoint so that it requires authentication before accepting user meta changes.", "After addressing the plugin, reset passwords for all user accounts and revoke any accounts that may have been compromised."], "summary": {"action": "Immediate Patch", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "WordPress sites using the JAY Login & Register plugin version 2.6.03 or earlier are affected. All installations that have not upgraded beyond this version are vulnerable.", "description_and_impact": "The JAY Login & Register plugin for WordPress contains a flaw that lets unauthenticated users modify any user\u2019s metadata via the ajax endpoint 'jay_login_register_ajax_create_final_user'. Because this endpoint lacks proper authentication checks, an attacker can elevate the account\u2019s role to administrator, giving full control of the site. This results in potential data compromise, site tampering, and further exploitation.", "risk_and_exploitability": "With a CVSS base score of 9.8 the vulnerability is critical, yet the EPSS score of less than 1% indicates currently low exploitation probability. It is not yet catalogued in the CISA KEV database. The likely attack path involves sending an unauthenticated HTTP request to the AJAX endpoint to alter a target user\u2019s metadata and gain administrator privileges."}}}}, "created": "2026-02-09T10:39:37.975971+00:00", "updated": "2026-04-20T21:00:12.965129+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}