Privilege Escalation Vulnerability in NotFound WP User Profiles Plugin
CVE-2025-31524

8.8HIGH

Key Information:

Vendor: WordPress
Status: WP User Profiles
Vendor: CVE Published:; 10 April 2025

Summary

The NotFound WP User Profiles plugin is susceptible to an Incorrect Privilege Assignment vulnerability that can lead to privilege escalation. This flaw affects versions from n/a through 2.6.2, allowing unauthorized users to gain elevated privileges which could expose sensitive user information and compromise site security. It is crucial for site administrators to review their installations and apply necessary updates to mitigate potential risks associated with this vulnerability.

Affected Version(s)

WP User Profiles <= 2.6.2

References

https://patchstack.com/database/wordpress/plugin/wp-users...

vdb-entry

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 10, 2025