{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-3278", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-04-04T14:25:07.846Z", "datePublished": "2025-04-19T02:22:33.746Z", "dateUpdated": "2026-04-08T17:06:56.168Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:06:56.168Z"}, "affected": [{"vendor": "Edge-Themes", "product": "UrbanGo Membership", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.0.4", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The UrbanGo Membership plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.0.4. This is due to the plugin allowing users who are registering new accounts to set their own role or by supplying 'user_register_role' field. This makes it possible for unauthenticated attackers to gain elevated privileges by creating an account with the administrator role."}], "title": "UrbanGo Membership <= 1.0.4 - Unauthenticated Privilege Escalation", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/913ffe0c-c8f8-4cda-be9a-96c056d4c4a8?source=cve"}, {"url": "https://themeforest.net/item/urbango-directory-and-listing-wordpress-theme/22712624"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-269 Improper Privilege Management", "cweId": "CWE-269", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}], "credits": [{"lang": "en", "type": "finder", "value": "Alyudin Nafiie"}], "timeline": [{"time": "2025-04-18T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-21T02:46:58.086151Z", "id": "CVE-2025-3278", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-21T02:47:09.027Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-3278", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-21T02:46:58.086151Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-21T02:47:05.322Z"}}], "cna": {"title": "UrbanGo Membership <= 1.0.4 - Unauthenticated Privilege Escalation", "credits": [{"lang": "en", "type": "finder", "value": "Alyudin Nafiie"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "Edge-Themes", "product": "UrbanGo Membership", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "1.0.4"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-04-18T00:00:00.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/913ffe0c-c8f8-4cda-be9a-96c056d4c4a8?source=cve"}, {"url": "https://themeforest.net/item/urbango-directory-and-listing-wordpress-theme/22712624"}], "descriptions": [{"lang": "en", "value": "The UrbanGo Membership plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.0.4. This is due to the plugin allowing users who are registering new accounts to set their own role or by supplying 'user_register_role' field. This makes it possible for unauthenticated attackers to gain elevated privileges by creating an account with the administrator role."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-04-19T02:22:33.746Z"}}}, "cveMetadata": {"cveId": "CVE-2025-3278", "state": "PUBLISHED", "dateUpdated": "2025-04-21T02:47:09.027Z", "dateReserved": "2025-04-04T14:25:07.846Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-04-19T02:22:33.746Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The UrbanGo Membership plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.0.4. This is due to the plugin allowing users who are registering new accounts to set their own role or by supplying 'user_register_role' field. This makes it possible for unauthenticated attackers to gain elevated privileges by creating an account with the administrator role."}, {"lang": "es", "value": "El complemento UrbanGo Membership para WordPress es vulnerable a la escalada de privilegios en versiones hasta la 1.0.4 incluida. Esto se debe a que el complemento permite a los usuarios que registran nuevas cuentas configurar su propio rol o proporcionar el campo \"user_register_role\". Esto permite que atacantes no autenticados obtengan privilegios elevados creando una cuenta con el rol de administrador."}], "id": "CVE-2025-3278", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-04-19T03:15:13.730", "references": [{"source": "security@wordfence.com", "url": "https://themeforest.net/item/urbango-directory-and-listing-wordpress-theme/22712624"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/913ffe0c-c8f8-4cda-be9a-96c056d4c4a8?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T21:15:06.149992+00:00", "value": {"mitigation_remediation": ["Install the latest UrbanGo Membership plugin version (any version newer than 1.0.4) which removes the ability to set role during public registration, or disable public registration entirely.", "If upgrading is not possible, edit the plugin\u2019s registration handler to discard the \"user_register_role\" field or enforce the default role, ensuring that new accounts default to the least privileged role (e.g., Subscriber).", "Harden WordPress by restricting role assignment to administrators only; disable user role editing via the front\u2011end and confirm that the plugin does not override WordPress\u2019s role management."], "summary": {"action": "Apply Patch", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "Affected systems are WordPress sites that have the Edge\u2011Themes UrbanGo Membership plugin installed in version 1.0.4 or earlier. The vulnerability is present regardless of the overall WordPress version since it relies solely on the plugin's registration handling.", "description_and_impact": "The vulnerability exists in UrbanGo Membership plugin for WordPress versions up to 1.0.4. During account registration, the plugin accepts a \"user_register_role\" field that allows the registrant to specify their role. An attacker who has no authentication can therefore create an account with the administrator role, giving full control over the WordPress site. This flaw leads to privilege escalation. CWE\u2011269 is an Elevation of Privilege weakness.", "risk_and_exploitability": "The CVSS score of 9.8 places this flaw in the critical severity range, while the EPSS score of less than 1% indicates that, at present, it is not a common exploitation vector. However, because the exploit only requires submitting a normal registration form, an attacker could create a privileged account without needing any additional access or advanced skills, making the risk significant. The vulnerability is not yet listed in the CISA KEV catalog, but admins should act promptly. The likely attack vector is an unauthenticated user sending a registration request with a crafted \"user_register_role\" value; no authentication or exploitation prerequisites beyond the form submission are required."}}}}, "created": "2025-07-12T23:06:31.226061+00:00", "updated": "2026-04-21T21:15:45.453639+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}