Missing Authorization in Memberful Plugin for WordPress
CVE-2025-58000

5.3MEDIUM

Key Information:

Vendor: WordPress
Status: Memberful - Membership Plugin
Vendor: CVE Published:; 22 September 2025

What is CVE-2025-58000?

A missing authorization flaw in the Memberful plugin for WordPress introduces a risk where functionality is not properly constrained by Access Control Lists (ACLs). This vulnerability allows unauthorized users to gain access to restricted actions within the application, potentially compromising sensitive data and user operations. The issue affects versions of Memberful from n/a through 1.75.0. It is crucial for users to update to the latest version and implement appropriate security measures.

Affected Version(s)

Memberful - Membership Plugin 0 <= 1.75.0

References

https://patchstack.com/database/Wordpress/Plugin/memberfu...

vdb-entry

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 22, 2025
Vulnerability Reserved
Aug 22, 2025

Credit

Nabil Irawan (Patchstack Alliance)

CVE-2025-58000 Data

JSON