CVE-2025-1671
Published: 01 March 2025
Summary
CVE-2025-1671 is a critical-severity Authentication Bypass Using an Alternate Path or Channel (CWE-288) vulnerability in Themeforest (inferred from references). Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 41.0th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 IA-12 (Identity Proofing) and IA-8 (Identification and Authentication (Non-organizational Users)).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Mandates robust identification and authentication for non-organizational users, directly countering the plugin's failure to verify identity in the Facebook authentication function allowing unauthenticated privilege escalation.
Requires identity proofing prior to authentication or account association, addressing the core flaw of inadequate user identity verification before granting access as any user including administrators.
Ensures timely flaw remediation in software components like the vulnerable WordPress plugin, preventing exploitation of the privilege escalation vulnerability through patching.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
An authentication bypass in a public-facing WordPress plugin enables unauthenticated network login as any user (including administrators), directly facilitating T1190 (public-facing application exploitation) and T1068 (privilege escalation via a vulnerability).
NVD Description
The Academist Membership plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.6. This is due to the academist_membership_check_facebook_user() function not properly verifying a user's identity prior to authenticating them. This makes it possible for unauthenticated attackers to log in as any user, including site administrators.
Deeper analysis
CVE-2025-1671 is a privilege escalation vulnerability in the Academist Membership plugin for WordPress, affecting all versions up to and including 1.1.6. The flaw arises in the academist_membership_check_facebook_user() function, which does not properly verify a user's identity before authenticating them. Published on 2025-03-01, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-288.
Unauthenticated attackers can exploit this vulnerability over the network with low attack complexity and with no user interaction or privileges required. Exploitation lets an attacker log in as any user, including site administrators, with high impact on confidentiality, integrity, and availability.
Advisories provide further details, including the Wordfence threat intelligence report at https://www.wordfence.com/threat-intel/vulnerabilities/id/911a9550-1f62-4f28-9d8c-00d9769949c9?source=cve and the plugin listing on ThemeForest at https://themeforest.net/item/academist-a-modern-learning-management-system-and-education-theme/22376830.
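To check whether a site carries an affected copy, the following added example (not code from the plugin, Wordfence or NVD) scans a WordPress plugins directory for the "Academist Membership" plugin header and flags versions up to and including 1.1.6. The sample folder names and the version 1.1.7 in the demo tree are constructed for illustration; the page does not name a fixed release.

```python
import re
import tempfile
from pathlib import Path

AFFECTED_NAME = "Academist Membership"  # plugin name as given in the advisory
LAST_AFFECTED = (1, 1, 6)               # "all versions up to, and including, 1.1.6"
# WordPress plugin metadata: "Field: value" lines in the main file's comment header.
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*$", re.M | re.I)

def parse_header(php_source):
    """Return the Plugin Name / Version header fields (first occurrence wins)."""
    fields = {}
    for key, value in HEADER_RE.findall(php_source[:8192]):  # header sits at the top of the file
        fields.setdefault(key.lower(), value.strip())
    return fields

def version_tuple(version):
    """'1.1.6' -> (1, 1, 6); short versions are zero-padded, '-suffix' is ignored."""
    parts = [int(n) for n in re.findall(r"\d+", version.split("-")[0])]
    return tuple(parts + [0] * (3 - len(parts)))

def audit_plugins(plugins_dir):
    """Return (folder, version, affected) for every copy of the plugin found."""
    findings = []
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        fields = parse_header(php.read_text(encoding="utf-8", errors="replace"))
        if fields.get("plugin name", "").lower() != AFFECTED_NAME.lower():
            continue
        version = fields.get("version", "")
        # A missing version cannot be ruled out, so it is reported as affected.
        affected = not version or version_tuple(version) <= LAST_AFFECTED
        findings.append((php.parent.name, version or "unknown", affected))
    return findings

def demo_tree(root):
    """Constructed sample plugins directory; folder names and 1.1.7 are made up."""
    for folder, name, ver in [("membership-old", AFFECTED_NAME, "1.1.6"),
                              ("membership-new", AFFECTED_NAME, "1.1.7"),
                              ("other", "Unrelated Plugin", "0.9")]:
        (root / folder).mkdir()
        (root / folder / "main.php").write_text(
            f"<?php\n/*\n * Plugin Name: {name}\n * Version: {ver}\n */\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for folder, version, affected in audit_plugins(demo_tree(Path(tmp))):
            print(f"{folder}: {version} -> {'AFFECTED' if affected else 'outside affected range'}")
```

On a real host, pass the site's `wp-content/plugins` path to `audit_plugins()`; matching on the header name rather than the folder name catches renamed plugin directories.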
Details
- CWE(s)