{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-15100", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-12-25T18:27:56.480Z", "datePublished": "2026-02-08T01:22:56.646Z", "dateUpdated": "2026-04-08T17:34:33.033Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:34:33.033Z"}, "affected": [{"vendor": "jayarsiech", "product": "JAY Login & Register", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.6.03", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The JAY Login & Register plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.6.03. This is due to the plugin allowing a user to update arbitrary user meta through the 'jay_panel_ajax_update_profile' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator."}], "title": "JAY Login & Register <= 2.6.03 - Authenticated (Subscriber+) Privilege Escalation via jay_panel_ajax_update_profile", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fb900810-23a2-4920-a5e8-4388c4474de0?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/jay-login-register/tags/2.6.01/includes/user-panel/jay-login-register-ajax-handler-user-panel.php#L624"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-269 Improper Privilege Management", "cweId": "CWE-269", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Sarawut Poolkhet"}], "timeline": [{"time": "2026-02-07T12:47:51.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-09T15:13:03.499017Z", "id": "CVE-2025-15100", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-09T15:14:43.126Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-15100", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-09T15:13:03.499017Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-09T15:13:22.208Z"}}], "cna": {"title": "JAY Login & Register <= 2.6.03 - Authenticated (Subscriber+) Privilege Escalation via jay_panel_ajax_update_profile", "credits": [{"lang": "en", "type": "finder", "value": "Sarawut Poolkhet"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "jayarsiech", "product": "JAY Login & Register", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "2.6.03"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2026-02-07T12:47:51.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fb900810-23a2-4920-a5e8-4388c4474de0?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/jay-login-register/tags/2.6.01/includes/user-panel/jay-login-register-ajax-handler-user-panel.php#L624"}], "descriptions": [{"lang": "en", "value": "The JAY Login & Register plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.6.03. This is due to the plugin allowing a user to update arbitrary user meta through the 'jay_panel_ajax_update_profile' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-02-08T01:22:56.646Z"}}}, "cveMetadata": {"cveId": "CVE-2025-15100", "state": "PUBLISHED", "dateUpdated": "2026-02-09T15:14:43.126Z", "dateReserved": "2025-12-25T18:27:56.480Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2026-02-08T01:22:56.646Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The JAY Login & Register plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.6.03. This is due to the plugin allowing a user to update arbitrary user meta through the 'jay_panel_ajax_update_profile' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator."}, {"lang": "es", "value": "El plugin JAY Login &amp; Register para WordPress es vulnerable a la escalada de privilegios en todas las versiones hasta la 2.6.03, inclusive. Esto se debe a que el plugin permite a un usuario actualizar metadatos de usuario arbitrarios a trav\u00e9s de la funci\u00f3n 'jay_panel_ajax_update_profile'. Esto hace posible que atacantes autenticados, con acceso de nivel Suscriptor o superior, eleven sus privilegios al de un administrador."}], "id": "CVE-2025-15100", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2026-02-08T02:15:56.680", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/jay-login-register/tags/2.6.01/includes/user-panel/jay-login-register-ajax-handler-user-panel.php#L624"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fb900810-23a2-4920-a5e8-4388c4474de0?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T16:03:31.009786+00:00", "value": {"mitigation_remediation": ["Upgrade the JAY Login & Register plugin to any release newer than 2.6.03", "If an update is unavailable, temporarily disable or remove the jay_panel_ajax_update_profile endpoint from the plugin\u2019s Ajax handlers", "Re\u2011evaluate user roles and reduce the number of subscribers or limit their ability to trigger profile updates; consider tightening the capability checks within the plugin"], "summary": {"action": "Patch Immediately", "impact": "Privilege Escalation to Administrator"}, "threat_synthesis": {"affected_systems": "All installations of the JAY Login & Register WordPress plugin up to and including version 2.6.03 are affected. Users of this plugin, regardless of server environment or WordPress version, must investigate whether they run one of the vulnerable releases.", "description_and_impact": "The vulnerability lies in the jay_panel_ajax_update_profile routine of the JAY Login & Register plugin, which permits any authenticated user with Subscriber-level permissions or higher to modify arbitrary user metadata. This flaw enables a legitimate user to elevate their privileges to that of an Administrator. This flaw corresponds to the weakness defined by CWE\u2011269.", "risk_and_exploitability": "The CVSS score of 8.8 places this issue in the high severity band, indicating significant potential damage if exploited. However, the EPSS score of less than 1% suggests very low current exploitation probability, and the vulnerability is not listed in the CISA KEV catalog. Inferred from the description, the most likely attack vector is via a normal authenticated session using typical WordPress user accounts; the attacker must be able to submit Ajax requests to the plugin endpoint. Once successful, the attacker gains full administrative privileges, enabling unilateral changes to site configuration, data exfiltration, or further malicious actions."}}}}, "created": "2026-02-09T10:40:14.392293+00:00", "updated": "2026-04-21T16:15:40.494632+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}