Tiare Membership

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

The Tiare Membership plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2. This is due to the 'tiare_membership_init_rest_api_register' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'administrator' role during registration and gain administrator access to the site.

AI Analysis

Unauthenticated Privilege Escalation vulnerability in Tiare Membership plugin for WordPress due to insufficient role restrictions during registration.

Basic Information

ID CVE-2025-13540

Source Wordfence

Published Nov 27, 2025 at 04:36

Affected Product

Vendor Qode Interactive

Product Tiare Membership

Version *

Affected Versions Qode Interactive Tiare Membership *

CWE Classification

CWE-269

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor Qode Interactive

Product Tiare Membership

Version 1.2

References

{
    "lastseen": "",
    "description": "The Tiare Membership plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2. This is due to the 'tiare_membership_init_rest_api_register' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'administrator' role during registration and gain administrator access to the site.",
    "published": "2025-11-27T04:36:45.313Z",
    "modified": "2025-11-27T04:36:45.313Z",
    "type": "cve",
    "title": "Tiare Membership <= 1.2 - Unauthenticated Privilege Escalation",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6cf01a38-1fba-4c93-b3fa-acfdd5b19410?source=cve\nhttps://themeforest.net/item/tiare-wedding-vendor-directory-theme/26589165?s_rank=1",
    "id": "CVE-2025-13540",
    "bulletinFamily": "",
    "cwe": [
        "CWE-269"
    ],
    "cvelist": null,
    "sourceData": "Qode Interactive Tiare Membership *",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Tiare Membership",
    "version": "*",
    "vendor": "Qode Interactive",
    "ai_description": "Unauthenticated Privilege Escalation vulnerability in Tiare Membership plugin for WordPress due to insufficient role restrictions during registration.",
    "ai_severity": "Critical",
    "ai_vendor": "Qode Interactive",
    "ai_product": "Tiare Membership",
    "ai_version": "1.2",
    "ai_score": 9.8
}

Tiare Membership <= 1.2 - Unauthenticated Privilege Escalation_CVE-2025-13540