CVE-2025-13313
BaseFortify
Publication date: 2025-12-05
Last updated on: 2026-04-08
Assigner: Wordfence
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ntzapps | crm_memberships | 2.5 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability allows unauthenticated attackers to reset arbitrary user passwords and gain unauthorized access to user accounts by exploiting missing authorization and authentication checks. Such unauthorized access and potential exposure of user email addresses can lead to violations of data protection regulations like GDPR and HIPAA, which require safeguarding personal data and ensuring proper access controls. Therefore, this vulnerability negatively impacts compliance with these common standards and regulations by risking unauthorized access to sensitive user information. [1, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unauthorized or suspicious requests to the `ntzcrm_changepassword` AJAX endpoint and the `ntzcrm_get_users` endpoint on the WordPress site running the CRM Memberships plugin version 2.5 or earlier. Specifically, look for unauthenticated POST requests to `ntzcrm_changepassword` attempting to reset passwords, and GET requests to `ntzcrm_get_users` that enumerate subscriber email addresses. Commands to detect such activity could include using web server access logs or network monitoring tools to filter requests. For example, using grep on Apache or Nginx logs: `grep 'ntzcrm_changepassword' /var/log/apache2/access.log` or `grep 'ntzcrm_get_users' /var/log/nginx/access.log`. Additionally, monitoring for unusual password reset activity or spikes in password changes via these endpoints could indicate exploitation attempts. [1]
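An added detection example, not from BaseFortify or the plugin's own code, that turns the log-filtering approach above into a small Python script: it parses constructed access-log lines, picks out requests naming the two endpoints, and flags a client that enumerated users and then issued password changes (or issued repeated password changes). It assumes the plugin's AJAX actions are dispatched through WordPress's admin-ajax.php with the action name in the query string; an action carried only in a POST body does not appear in a standard access log and needs request-body logging at the WAF or application layer.

```python
import re
from collections import defaultdict

# Endpoint names as given in the advisory text.
SUSPECT_ACTIONS = ("ntzcrm_get_users", "ntzcrm_changepassword")

# Combined log format: client IP, timestamp, request line, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines (not real traffic). Assumption: the plugin's AJAX
# actions are reached via admin-ajax.php?action=<name>, so the name is logged.
SAMPLE_LOG = """\
198.51.100.5 - - [05/Dec/2025:10:00:01 +0000] "GET /wp-admin/admin-ajax.php?action=ntzcrm_get_users HTTP/1.1" 200 8192 "-" "python-requests/2.32"
198.51.100.5 - - [05/Dec/2025:10:00:02 +0000] "POST /wp-admin/admin-ajax.php?action=ntzcrm_changepassword HTTP/1.1" 200 44 "-" "python-requests/2.32"
198.51.100.5 - - [05/Dec/2025:10:00:03 +0000] "POST /wp-admin/admin-ajax.php?action=ntzcrm_changepassword HTTP/1.1" 200 44 "-" "python-requests/2.32"
192.0.2.10 - - [05/Dec/2025:10:05:00 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 120 "-" "Mozilla/5.0"
192.0.2.10 - - [05/Dec/2025:10:05:30 +0000] "POST /wp-admin/admin-ajax.php?action=ntzcrm_changepassword HTTP/1.1" 200 44 "-" "Mozilla/5.0"
"""

def parse_line(line):
    """Parse one combined-format line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["actions"] = [a for a in SUSPECT_ACTIONS if a in rec["path"]]
    return rec

def find_suspect_requests(log_text):
    """Return every parsed request whose path names one of the advisory's endpoints."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["actions"]:
            hits.append(rec)
    return hits

def flag_clients(hits, threshold=2):
    """Group hits by client IP. Flag a client that both enumerated users and
    changed passwords, or that issued at least `threshold` password changes."""
    per_ip = defaultdict(lambda: {a: 0 for a in SUSPECT_ACTIONS})
    for h in hits:
        for a in h["actions"]:
            per_ip[h["ip"]][a] += 1
    flagged = {}
    for ip, c in per_ip.items():
        enum_then_reset = c["ntzcrm_get_users"] > 0 and c["ntzcrm_changepassword"] > 0
        if enum_then_reset or c["ntzcrm_changepassword"] >= threshold:
            flagged[ip] = dict(c)
    return flagged

if __name__ == "__main__":
    for ip, counts in flag_clients(find_suspect_requests(SAMPLE_LOG)).items():
        print(f"{ip}: {counts}")
```

A single legitimate password change from a browser client (192.0.2.10 in the sample) is not flagged; the enumerate-then-reset pairing and repeated changes from one client are the signals worth alerting on.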
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the CRM Memberships WordPress plugin to a version later than 2.5 where this vulnerability is fixed. If an update is not immediately possible, restrict access to the `ntzcrm_changepassword` and `ntzcrm_get_users` AJAX endpoints by implementing authentication and authorization checks, or blocking unauthenticated access via web server rules or firewall. Additionally, monitor logs for suspicious activity targeting these endpoints and consider temporarily disabling the plugin if exploitation is suspected. [1]
Can you explain this vulnerability to me?
This vulnerability exists in the CRM Memberships plugin for WordPress up to version 2.5. It allows unauthenticated attackers to escalate privileges by exploiting missing authorization and authentication checks on the `ntzcrm_changepassword` AJAX action. Attackers can reset arbitrary user passwords and gain unauthorized access to user accounts if they can obtain or enumerate the target user's email address. Additionally, the plugin exposes the `ntzcrm_get_users` endpoint without authentication, enabling attackers to enumerate subscriber email addresses, which facilitates the password reset exploitation.
How can this vulnerability impact me?
This vulnerability can lead to unauthorized access to user accounts by allowing attackers to reset passwords without proper authentication. This can result in full compromise of user accounts, potentially leading to data theft, unauthorized actions within the application, and overall loss of control over the affected WordPress site.