Mentoring

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

The Mentoring plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.2.8. This is due to the plugin not properly restricting the roles that users can register with in the mentoring_process_registration() function. This makes it possible for unauthenticated attackers to register with administrator-level user accounts.

AI Analysis

Unauthenticated privilege escalation vulnerability in the Mentoring plugin for WordPress due to improper role restriction in the mentoring_process_registration() function.

Basic Information

ID CVE-2025-13618

Source Wordfence

Published May 5, 2026 at 02:26

Affected Product

Vendor dreamstechnologies

Product Mentoring

Affected Versions dreamstechnologies Mentoring 0

CWE Classification

CWE-269

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor Dreamstechnologies

Product Mentoring

Version <= 1.2.8

References

{
    "lastseen": "",
    "description": "The Mentoring plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.2.8. This is due to the plugin not properly restricting the roles that users can register with in the mentoring_process_registration() function. This makes it possible for unauthenticated attackers to register with administrator-level user accounts.",
    "published": "2026-05-05T02:26:55.265Z",
    "modified": "2026-05-05T02:26:55.265Z",
    "type": "cve",
    "title": "Mentoring <= 1.2.8 - Unauthenticated Privilege Escalation in mentoring_process_registration",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7192fb4c-0434-4e11-a2a7-c205b8d6b68e?source=cve\nhttps://themeforest.net/item/mentoring-education-wordpress-theme/36457081\nhttps://mentoring-wp.dreamstechnologies.com/documentation/changelog.html",
    "id": "CVE-2025-13618",
    "bulletinFamily": "",
    "cwe": [
        "CWE-269"
    ],
    "cvelist": null,
    "sourceData": "dreamstechnologies Mentoring 0",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Mentoring",
    "version": "0",
    "vendor": "dreamstechnologies",
    "ai_description": "Unauthenticated privilege escalation vulnerability in the Mentoring plugin for WordPress due to improper role restriction in the mentoring_process_registration() function.",
    "ai_severity": "Critical",
    "ai_vendor": "Dreamstechnologies",
    "ai_product": "Mentoring",
    "ai_version": "<= 1.2.8",
    "ai_score": 9.8
}

Mentoring <= 1.2.8 - Unauthenticated Privilege Escalation in mentoring_process_registration_CVE-2025-13618