{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-1671", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-02-24T21:51:36.610Z", "datePublished": "2025-03-01T07:24:04.682Z", "dateUpdated": "2026-04-08T17:06:54.805Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:06:54.805Z"}, "affected": [{"vendor": "Elated-Themes", "product": "Academist Membership", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.1.6", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Academist Membership plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.6. This is due to the academist_membership_check_facebook_user() function not properly verifying a user's identity prior to authenticating them. This makes it possible for unauthenticated attackers to log in as any user, including site administrators."}], "title": "Academist Membership <= 1.1.6 - Authentication Bypass via Account Takeover", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/911a9550-1f62-4f28-9d8c-00d9769949c9?source=cve"}, {"url": "https://themeforest.net/item/academist-a-modern-learning-management-system-and-education-theme/22376830"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel", "cweId": "CWE-288", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}], "credits": [{"lang": "en", "type": "finder", "value": "Tonn"}], "timeline": [{"time": "2025-02-28T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-03T20:55:27.958074Z", "id": "CVE-2025-1671", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-03T20:56:52.336Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-1671", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-03-03T20:55:27.958074Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-03T20:55:29.221Z"}}], "cna": {"title": "Academist Membership <= 1.1.6 - Authentication Bypass via Account Takeover", "credits": [{"lang": "en", "type": "finder", "value": "Tonn"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "Elated-Themes", "product": "Academist Membership", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.1.6"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-02-28T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/911a9550-1f62-4f28-9d8c-00d9769949c9?source=cve"}, {"url": "https://themeforest.net/item/academist-a-modern-learning-management-system-and-education-theme/22376830"}], "descriptions": [{"lang": "en", "value": "The Academist Membership plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.6. This is due to the academist_membership_check_facebook_user() function not properly verifying a user's identity prior to authenticating them. This makes it possible for unauthenticated attackers to log in as any user, including site administrators."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-288", "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:06:54.805Z"}}}, "cveMetadata": {"cveId": "CVE-2025-1671", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:06:54.805Z", "dateReserved": "2025-02-24T21:51:36.610Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-03-01T07:24:04.682Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Academist Membership plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.6. This is due to the academist_membership_check_facebook_user() function not properly verifying a user's identity prior to authenticating them. This makes it possible for unauthenticated attackers to log in as any user, including site administrators."}, {"lang": "es", "value": "El complemento Academist Membership para WordPress es vulnerable a la escalada de privilegios en todas las versiones hasta la 1.1.6 incluida. Esto se debe a que la funci\u00f3n academist_membership_check_facebook_user() no verifica correctamente la identidad de un usuario antes de autenticarlo. Esto hace posible que atacantes no autenticados inicien sesi\u00f3n como cualquier usuario, incluidos los administradores del sitio."}], "id": "CVE-2025-1671", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-03-01T08:15:34.320", "references": [{"source": "security@wordfence.com", "url": "https://themeforest.net/item/academist-a-modern-learning-management-system-and-education-theme/22376830"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/911a9550-1f62-4f28-9d8c-00d9769949c9?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-288"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T22:09:20.975467+00:00", "value": {"mitigation_remediation": ["Update Academist Membership to the latest available version that incorporates the fix for the Facebook login verification bug.", "Disable the Facebook login feature within the plugin\u2019s settings until a patched version is deployed to stop unauthenticated attempts to abuse the check function.", "Configure application\u2011level firewall rules that block or rate\u2011limit unauthenticated requests to the plugin\u2019s authentication endpoints, reducing the attack surface while the patch is pending."], "summary": {"action": "Immediate Patch", "impact": "Privilege Escalation (Authentication Bypass)"}, "threat_synthesis": {"affected_systems": "The affected product is Academist Membership, a WordPress plugin developed by Elated\u2011Themes. All releases up to and including version 1.1.6 are impacted. No specific patch version is listed in the data, but the vulnerability exists in the stated range.", "description_and_impact": "The Academist Membership plugin for WordPress contains a privilege\u2011escalation flaw where the academist_membership_check_facebook_user() function fails to verify a user\u2019s identity before authenticating them. As a result, an unauthenticated attacker can submit a request that emits the same credentials for any target user, including administrators, effectively impersonating that user and gaining full control over the site. The weakness is categorized as CWE\u2011288 and can lead to complete loss of confidentiality, integrity, and discretion of the affected WordPress installation.", "risk_and_exploitability": "The CVSS score of 9.8 indicates this flaw is a critical remote authentication bypass. The EPSS score of < 1% suggests that, while the likelihood of exploitation is currently low, the potential impact is significant enough to warrant prompt action. The vulnerability resides in the web-facing authentication endpoint of the plugin and can be exploited remotely without prior authentication, making it easy for attackers to compromise any site running a vulnerable version. The flaw is not cataloged in the CISA KEV list yet, but its high severity and the lack of active authentication make it a top\u2011priority risk for any affected WordPress site."}}}}, "created": "2026-04-21T22:15:45.903892+00:00", "updated": "2026-04-21T22:15:45.903903+00:00", "vendors": []}