Executive Summary

CVE-2025-10648 is a vulnerability in the YourMembership Single Sign On (SSO) Login plugin for WordPress, where a missing capability check on the 'moym_display_test_attributes' function allows unauthenticated attackers to access profile data of the latest SSO login. Essentially, this means that anyone, even without logging in, can read certain user profile information due to insufficient access control in the plugin.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can lead to unauthorized disclosure of user profile data from the YourMembership SSO plugin on WordPress sites. An attacker could exploit this to read sensitive profile information without authentication, potentially leading to privacy breaches or further targeted attacks against users of the affected site.

Useful 0 Not Useful 0

Compliance Impact

Unauthorized access to user profile data due to this vulnerability could result in non-compliance with data protection regulations such as GDPR or HIPAA, which require safeguarding personal data against unauthorized access. Exposure of personal information without proper authorization may lead to regulatory penalties and damage to organizational reputation.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by checking if the YourMembership Single Sign On – YM SSO Login plugin for WordPress is installed and running a version up to and including 1.1.7. On the system, you can verify the plugin version in the WordPress plugins directory or admin dashboard. Additionally, monitoring HTTP requests for access to the 'moym_display_test_attributes' function or related GET parameters such as 'option' containing 'moymsso' or 'code' may indicate exploitation attempts. Specific commands to check the plugin version include: 1) On the server, list the plugin directory and check the version in the plugin's main file header or readme.txt, e.g., `grep 'Version' wp-content/plugins/yourmembership-sso-login/yourmembership-sso-login.php`. 2) Use WP-CLI to list plugins and their versions: `wp plugin list | grep yourmembership`. 3) Monitor web server logs for suspicious GET requests containing 'moymsso' or 'code' parameters, e.g., `grep -i 'moymsso' /var/log/apache2/access.log` or `grep -i 'code=' /var/log/apache2/access.log`. [2]

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include updating the YourMembership Single Sign On – YM SSO Login plugin to a version later than 1.1.7 where the missing capability check on the 'moym_display_test_attributes' function is fixed. If an update is not available, temporarily disable the plugin to prevent unauthorized access. Additionally, restrict access to the vulnerable function by implementing capability checks or access controls in the plugin code. Monitoring and blocking suspicious requests targeting the 'moym_display_test_attributes' function or related GET parameters can also help reduce risk. [2]

Useful 0 Not Useful 0