FS Registration Password

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

The FS Registration Password plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.1. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.

AI Analysis

Unauthenticated privilege escalation via account takeover due to improper password validation

Basic Information

ID CVE-2025-15001

Source Wordfence

Published Jan 6, 2026 at 04:31

Affected Product

Vendor fsylum

Product FS Registration Password

Version *

Affected Versions fsylum FS Registration Password *

CWE Classification

CWE-639

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor fsylum

Product FS Registration Password

Version 1.0.1

References

{
    "lastseen": "",
    "description": "The FS Registration Password plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.1. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.",
    "published": "2026-01-06T04:31:55.460Z",
    "modified": "2026-01-06T04:31:55.460Z",
    "type": "cve",
    "title": "FS Registration Password <= 1.0.1 - Unauthenticated Privilege Escalation via Account Takeover",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/22351b90-fc34-44ce-9241-4a0f01eb7b1c?source=cve\nhttps://plugins.trac.wordpress.org/browser/registration-password/tags/1.0.1/src/WP/Auth.php\nhttps://plugins.trac.wordpress.org/changeset/3431651/registration-password",
    "id": "CVE-2025-15001",
    "bulletinFamily": "",
    "cwe": [
        "CWE-639"
    ],
    "cvelist": null,
    "sourceData": "fsylum FS Registration Password *",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "FS Registration Password",
    "version": "*",
    "vendor": "fsylum",
    "ai_description": "Unauthenticated privilege escalation via account takeover due to improper password validation",
    "ai_severity": "Critical",
    "ai_vendor": "fsylum",
    "ai_product": "FS Registration Password",
    "ai_version": "1.0.1",
    "ai_score": 9.8
}

FS Registration Password <= 1.0.1 - Unauthenticated Privilege Escalation via Account Takeover_CVE-2025-15001