CVE-2025-13312
BaseFortify
Publication date: 2025-12-05
Last updated on: 2025-12-08
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordpress | crm_memberships | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the CRM Memberships plugin for WordPress allows unauthenticated attackers to create arbitrary membership tags and modify CRM configuration because the 'ntzcrm_add_new_tag' function lacks a proper capability check. This means anyone can add or change membership tags without needing administrator permissions.
How can this vulnerability impact me? :
The vulnerability can impact you by allowing unauthorized users to modify membership tags and CRM settings, potentially leading to unauthorized access control changes or manipulation of membership data, which could disrupt normal operations or lead to further exploitation.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection can focus on monitoring unauthorized API calls to the vulnerable AJAX endpoints exposed by the crm-memberships plugin, especially calls to 'ntzcrm_add_new_tag' or other tag creation/update endpoints without proper authentication. Network or web server logs can be searched for POST requests to these AJAX actions. For example, using grep on web server logs: grep 'wp-admin/admin-ajax.php' /path/to/access.log | grep -E 'ntzcrm_add_new_tag|ntzcrm_create_user|ntzcrm_update_user_tags'. Additionally, monitoring for unexpected membership tag creation or modification in the WordPress admin or database may indicate exploitation attempts. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the crm-memberships plugin to a version later than 2.5 where the vulnerability is fixed. If an update is not available, restrict access to the vulnerable AJAX endpoints by implementing firewall rules or web application firewall (WAF) rules to block unauthenticated requests to 'ntzcrm_add_new_tag' and related API endpoints. Additionally, review and tighten capability checks in the plugin code to ensure only authorized users can create or modify membership tags. Monitoring and alerting on suspicious API usage is also recommended. [2]