Mementor Core

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

The Mementor Core plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.2.5. This is due to plugin not properly handling the user switch back function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges by accessing an administrator account through the switch back functionality.

AI Analysis

Privilege Escalation vulnerability in Mementor Core plugin due to improper handling of user switch back function

Basic Information

ID CVE-2025-11168

Source Wordfence

Published Nov 11, 2025 at 03:30

Affected Product

Vendor mvirik

Product Mementor Core

Version *

Affected Versions mvirik Mementor Core *

CWE Classification

CWE-269

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor mvirik

Product Mementor Core

Version 2.2.5

References

{
    "lastseen": "",
    "description": "The Mementor Core plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.2.5. This is due to plugin not properly handling the user switch back function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges by accessing an administrator account through the switch back functionality.",
    "published": "2025-11-11T03:30:33.945Z",
    "modified": "2025-11-11T03:30:33.945Z",
    "type": "cve",
    "title": "Mementor Core <= 2.2.5 - Authenticated (Subscriber+) Privilege Escalation",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2460e7c4-76dc-4bc3-bc06-b52df64f5353?source=cve\nhttp://plugins.trac.wordpress.org/browser/mementor-core/trunk/inc/functions.php#L1033\nhttps://wordpress.org/plugins/mementor-core/",
    "id": "CVE-2025-11168",
    "bulletinFamily": "",
    "cwe": [
        "CWE-269"
    ],
    "cvelist": null,
    "sourceData": "mvirik Mementor Core *",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Mementor Core",
    "version": "*",
    "vendor": "mvirik",
    "ai_description": "Privilege Escalation vulnerability in Mementor Core plugin due to improper handling of user switch back function",
    "ai_severity": "High",
    "ai_vendor": "mvirik",
    "ai_product": "Mementor Core",
    "ai_version": "2.2.5",
    "ai_score": 8.8
}

Mementor Core <= 2.2.5 - Authenticated (Subscriber+) Privilege Escalation_CVE-2025-11168