Overview
A critical security vulnerability, identified as CVE-2025-13540, has been discovered in the Tiare Membership plugin for WordPress. This vulnerability allows unauthenticated attackers to escalate their privileges and gain full administrator access to affected WordPress websites. This affects all versions up to and including 1.2 of the Tiare Membership plugin.
Technical Details
The vulnerability stems from the improperly secured tiare_membership_init_rest_api_register function within the Tiare Membership plugin. This function is responsible for handling user registration via the WordPress REST API. Critically, it fails to adequately restrict which user roles a new user can register with.
An attacker can exploit this flaw by crafting a malicious registration request via the REST API, specifically supplying the administrator role during the registration process. Because the plugin doesn’t perform sufficient authorization checks, the attacker’s account is created with administrator privileges, granting them complete control over the WordPress site.
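The defect described above is a registration callback that lets the request body decide the new account's role. The following is an added example of the hardened shape such a callback should take; it is not the Tiare Membership plugin's code, and the route namespace (`example-membership/v1`), the argument names and the role allowlist are assumptions for illustration. The point is that the role never comes from the client: it is taken from the site's own setting, checked against an allowlist, and verified again after the user is stored.

```php
<?php
// Added example, not the plugin's code. Route, argument names and the
// allowlist below are assumptions chosen for illustration.

// Roles a self-registered member may ever receive; anything else is rejected.
const EXAMPLE_MEMBERSHIP_ALLOWED_ROLES = array( 'subscriber' );

add_action( 'rest_api_init', function () {
    register_rest_route( 'example-membership/v1', '/register', array(
        'methods'             => 'POST',
        'callback'            => 'example_membership_register',
        // A public signup endpoint is unauthenticated by design; the
        // security boundary is therefore what the callback accepts.
        'permission_callback' => '__return_true',
        'args'                => array(
            'username' => array( 'required' => true, 'sanitize_callback' => 'sanitize_user' ),
            'email'    => array( 'required' => true, 'sanitize_callback' => 'sanitize_email' ),
            'password' => array( 'required' => true ),
            // Deliberately no 'role' argument: a 'role' field in the request
            // is never read. The vulnerable pattern is the opposite, e.g.
            //   'role' => $request->get_param( 'role' )
            // passed straight into wp_insert_user().
        ),
    ) );
} );

function example_membership_register( WP_REST_Request $request ) {
    if ( ! get_option( 'users_can_register' ) ) {
        return new WP_Error( 'registration_disabled', 'Registration is closed.', array( 'status' => 403 ) );
    }

    // Role comes from the site's configured default, then is clamped to the
    // allowlist so a misconfigured default_role cannot hand out admin either.
    $role = get_option( 'default_role', 'subscriber' );
    if ( ! in_array( $role, EXAMPLE_MEMBERSHIP_ALLOWED_ROLES, true ) ) {
        $role = 'subscriber';
    }

    $user_id = wp_insert_user( array(
        'user_login' => $request->get_param( 'username' ),
        'user_email' => $request->get_param( 'email' ),
        'user_pass'  => $request->get_param( 'password' ),
        'role'       => $role,
    ) );

    if ( is_wp_error( $user_id ) ) {
        return new WP_Error( 'registration_failed', $user_id->get_error_message(), array( 'status' => 400 ) );
    }

    // Defence in depth: check what was actually stored rather than trusting
    // the insert path (other plugins may hook into user creation).
    $user = get_userdata( $user_id );
    if ( ! $user || array_diff( (array) $user->roles, EXAMPLE_MEMBERSHIP_ALLOWED_ROLES ) ) {
        require_once ABSPATH . 'wp-admin/includes/user.php'; // defines wp_delete_user()
        wp_delete_user( $user_id );
        return new WP_Error( 'role_rejected', 'Unexpected role assigned during registration.', array( 'status' => 500 ) );
    }

    return rest_ensure_response( array( 'id' => $user_id, 'role' => $role ) );
}
```

Even with this callback in place, a review of any public registration endpoint should confirm that no other code path (a filter on `wp_pre_insert_user_data`, a separate profile-update route) lets a caller reach `wp_insert_user()` or `WP_User::set_role()` with a role they supplied.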
CVSS Analysis
This vulnerability has been assigned a CRITICAL CVSS score of 9.8.
- CVSS Score: 9.8
- Vector String: (We don’t have the full vector string but this is a common case for privilege escalation)
This high score reflects the severe impact of the vulnerability, as successful exploitation leads to complete system compromise.
Possible Impact
Successful exploitation of this vulnerability can have devastating consequences for affected websites, including:
- Complete website takeover: Attackers gain full control over the WordPress installation.
- Data theft and manipulation: Sensitive data, including user information, can be stolen or modified.
- Malware injection: The website can be used to distribute malware to visitors.
- Defacement: The website can be defaced, damaging the brand’s reputation.
- Denial of service: The website can be rendered unavailable to legitimate users.
Mitigation or Patch Steps
The most effective way to mitigate this vulnerability is to immediately update the Tiare Membership plugin to the latest version, if a patched version is available. Check the plugin developer’s website or the WordPress plugin repository for updates. If an update is not yet available, consider temporarily disabling the Tiare Membership plugin until a patch is released.
As a temporary workaround (use with caution and understand the risks), you can implement the following measures:
- Restrict Access to the WordPress REST API: Implement security rules to limit access to the /wp-json/ endpoint from untrusted networks.
- Monitor User Registrations: Closely monitor new user registrations for suspicious activity.
- Implement a Web Application Firewall (WAF): A WAF can help to detect and block malicious requests targeting this vulnerability.
Please note these workarounds are not ideal. Updating the plugin is the best solution.
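The first two workarounds above can be applied from inside WordPress itself while waiting for a patch. The following is an added example of a must-use plugin that does both; it is not part of the advisory or of the Tiare Membership plugin. It uses two real WordPress hooks: `rest_authentication_errors` (consulted before any REST route runs) to reject unauthenticated REST requests, and `user_register` plus `set_user_role` to raise an alert whenever an account ends up with the administrator role. The public-route allowlist (`/oembed/`) and the alert destination are assumptions to adapt to the site.

```php
<?php
/**
 * Plugin Name: Example REST lockdown and administrator-account alert
 *
 * Added example (not the advisory's or the plugin's code). Place the file in
 * wp-content/mu-plugins/ so it loads before ordinary plugins and cannot be
 * deactivated from the dashboard. The allowlist and the alert target are
 * assumptions for illustration.
 */

// 1. Restrict the REST API: unauthenticated requests are refused unless the
//    route starts with an explicitly allowed public prefix.
add_filter( 'rest_authentication_errors', function ( $result ) {
    if ( ! empty( $result ) ) {
        return $result; // an earlier check (e.g. a failed cookie/nonce) already decided
    }
    if ( is_user_logged_in() ) {
        return $result; // authenticated callers are unaffected
    }

    // WordPress stores the requested route (without the /wp-json prefix) here.
    $route = isset( $GLOBALS['wp']->query_vars['rest_route'] )
        ? (string) $GLOBALS['wp']->query_vars['rest_route']
        : '';

    $public_prefixes = array( '/oembed/' ); // assumed allowlist; extend as needed
    foreach ( $public_prefixes as $prefix ) {
        if ( strpos( $route, $prefix ) === 0 ) {
            return $result;
        }
    }

    return new WP_Error(
        'rest_login_required',
        'Authentication is required to use the REST API on this site.',
        array( 'status' => 401 )
    );
} );

// 2. Monitor registrations: alert when an account is created with, or later
//    changed to, the administrator role, recording where the request came from.
function example_alert_on_administrator( $user_id ) {
    $user = get_userdata( $user_id );
    if ( ! $user || ! in_array( 'administrator', (array) $user->roles, true ) ) {
        return;
    }

    $remote = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'cli';
    $uri    = isset( $_SERVER['REQUEST_URI'] ) ? $_SERVER['REQUEST_URI'] : 'cli';

    $message = sprintf(
        'Administrator role on user "%s" (ID %d); request from %s to %s at %s',
        $user->user_login,
        $user_id,
        $remote,
        $uri,
        gmdate( 'c' )
    );

    error_log( $message ); // lands in the PHP error log for SIEM pickup
    wp_mail( get_option( 'admin_email' ), 'Administrator account created or changed', $message );
}
add_action( 'user_register', 'example_alert_on_administrator' );
add_action( 'set_user_role', 'example_alert_on_administrator' );
```

The REST restriction is the part to use with caution: it also blocks any legitimate anonymous REST consumer (front-end forms, headless clients, other plugins' public routes), which is why those routes must be added to the allowlist explicitly. The alert hook is safe to leave in place permanently; an unexpected message from it after the plugin is patched is a signal that the site still needs an audit of its administrator accounts.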
