CVE-2025-1671

CRITICAL Year: 2025
CVSS v3 Score
9.8
Critical
Weakness Type
CWE-288
View all →

Vulnerability Description

The Academist Membership plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.6. This is due to the academist_membership_check_facebook_user() function not properly verifying a user's identity prior to authenticating them. This makes it possible for unauthenticated attackers to log in as any user, including site administrators.

Related Vulnerabilities

CVE-2017-5174

CRITICAL
CVSS:9.8(Critical)

An Authentication Bypass issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An authentication bypass vulnerability has been identified. The existing file system architectur...

CWE-2882017

CVE-2017-9944

CRITICAL
CVSS:9.8(Critical)

A vulnerability has been identified in Siemens 7KT PAC1200 data manager (7KT1260) in all versions < V2.03. The integrated web server (port 80/tcp) of the affected devices could allow an unauthenticate...

CWE-2882017

CVE-2018-17918

CRITICAL
CVSS:9.8(Critical)

Circontrol CirCarLife all versions prior to 4.3.1, authentication to the device can be bypassed by entering the URL of a specific page.

CWE-2882018

CVE-2018-4852

CRITICAL
CVSS:9.8(Critical)

A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to the device could potentially circumvent the authentication mech...

CWE-2882018

CVE-2018-8859

CRITICAL
CVSS:9.8(Critical)

Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. An attacker can bypass the required authentication specifi...

CWE-2882018

CVE-2019-18250

CRITICAL
CVSS:9.8(Critical)

In all versions of ABB Power Generation Information Manager (PGIM) and Plant Connect, the affected product is vulnerable to authentication bypass, which may allow an attacker to remotely bypass authen...

CWE-2882019