Vulnerabilities

CVE-2025-10648

by Fred · 15/10/2025

The YourMembership Single Sign On – YM SSO Login plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ‘moym_display_test_attributes’ function in all versions up to, and including, 1.1.7. This makes it possible for unauthenticated attackers to read the profile data of the latest SSO login.

More information : https://plugins.trac.wordpress.org/browser/login-with-yourmembership/trunk/class-moym-sso.php#L112

Similar

Tags: Cybersecurity Alert