CVE-2025-13493
Unauthorized Data Export in WordPress Latest Registered Users Plugin
Publication date: 2026-01-07
Last updated on: 2026-01-07
Assigner: Wordfence
Description
CVSS Scores
EPSS Scores
| Metric | Value |
|---|---|
| Probability | |
| Percentile | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| rnd_experts | latest_registered_users | up to 1.4 (inclusive) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Latest Registered Users plugin for WordPress (up to and including version 1.4). The rnd_handle_form_submit function, which runs in response to certain admin_post actions, performs neither an authorization (capability) check nor a nonce check. As a result, unauthenticated attackers can export complete user details (excluding passwords and sensitive tokens) in CSV format by manipulating the 'action' parameter.
How can this vulnerability impact me?
This vulnerability can lead to unauthorized disclosure of user information, allowing attackers to export complete user details in CSV format without authentication. Although passwords and sensitive tokens are excluded, the exposure of other user data can lead to privacy breaches, potential identity theft, or targeted attacks against users.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability allows unauthorized, unauthenticated attackers to export complete user details (excluding passwords and sensitive tokens) in CSV format. Such unauthorized data exposure can lead to violations of data protection regulations like GDPR and HIPAA, which require strict controls on personal data access and export. The lack of proper authorization and nonce validation means personal user data could be leaked, potentially resulting in non-compliance with these standards. [2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for HTTP requests to the WordPress admin-post.php endpoint with the 'action' parameter set to 'my_simple_form' or 'nopriv_my_simple_form', which are used by the vulnerable plugin to export user data. You can use network monitoring tools or web server logs to identify such requests, especially those coming from unauthenticated sources. For example, using command line tools:

1. To search web server logs for suspicious export attempts: `grep 'action=my_simple_form' /path/to/access.log`
2. To test with curl whether the export endpoint is accessible without authentication: `curl -v 'https://yourwordpresssite.com/wp-admin/admin-post.php?action=my_simple_form'`
3. To use network monitoring tools like tcpdump or Wireshark to filter HTTP POST requests to admin-post.php with the action parameter.

These commands help detect attempts to exploit the vulnerability through unauthorized export of user data. [2, 3]
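The log check above, as an added example that is not part of this record: a small PHP command-line script that parses access-log lines instead of grepping for a literal string, so it also catches URL-encoded parameters (`action=my%5Fsimple%5Fform`) and parameters in any order, which a plain `grep 'action=my_simple_form'` misses. The log lines are constructed for the example and the function names are hypothetical. Two caveats are built in: WordPress selects the `nopriv_` variant of the hook itself when a request carrying `action=my_simple_form` arrives without a logged-in session, so the value on the wire is normally `my_simple_form` (the script matches both values listed above anyway); and access logs do not contain POST bodies, so a form POST to admin-post.php with the action in the body appears only as a bare POST, which the script flags for follow-up in application or WAF logs.

```php
<?php
// Added example (not part of the advisory): scan web-server access-log lines for
// requests that reach admin-post.php with the export action of CVE-2025-13493.
// The log lines in $sample are constructed; the regex expects the common
// Apache/nginx "combined" format.

const RND_EXPORT_ACTIONS = array( 'my_simple_form', 'nopriv_my_simple_form' );

// Parse one combined-format line into its parts, or return null if it does not match.
function rnd_parse_log_line( string $line ): ?array {
    $re = '/^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<bytes>\S+)/';
    if ( ! preg_match( $re, $line, $m ) ) {
        return null;
    }
    return array(
        'ip'     => $m['ip'],
        'time'   => $m['time'],
        'method' => $m['method'],
        'target' => $m['target'],
        'status' => (int) $m['status'],
        'bytes'  => $m['bytes'],
    );
}

// Return the findings for a list of log lines: each hit is a request whose path is
// admin-post.php and whose URL-decoded "action" query value is an export action.
function rnd_find_export_requests( array $lines ): array {
    $hits = array();
    foreach ( $lines as $line ) {
        $req = rnd_parse_log_line( $line );
        if ( null === $req ) {
            continue;
        }
        $url  = parse_url( $req['target'] );
        $path = $url['path'] ?? '';
        // Match wp-admin/admin-post.php regardless of the site's install prefix.
        if ( ! preg_match( '#/wp-admin/admin-post\.php$#', $path ) ) {
            continue;
        }
        $query = array();
        parse_str( $url['query'] ?? '', $query ); // parse_str() URL-decodes the values
        $action = isset( $query['action'] ) ? (string) $query['action'] : '';
        if ( in_array( $action, RND_EXPORT_ACTIONS, true ) ) {
            $req['action'] = $action;
            $hits[]        = $req;
        } elseif ( 'POST' === $req['method'] && '' === $action ) {
            // Caveat: access logs do not record POST bodies, so a form POST that
            // carries action=my_simple_form in the body looks like a bare POST here.
            $req['action'] = '(not in query string; inspect POST body or WAF logs)';
            $hits[]        = $req;
        }
    }
    return $hits;
}

// Constructed sample: two export requests (one URL-encoded), one bare POST,
// and two unrelated requests that must not be flagged.
$sample = array(
    '203.0.113.10 - - [07/Jan/2026:10:00:01 +0000] "GET /wp-admin/admin-post.php?action=my_simple_form HTTP/1.1" 200 48213 "-" "curl/8.4.0"',
    '203.0.113.11 - - [07/Jan/2026:10:00:05 +0000] "GET /wp-admin/admin-post.php?foo=1&action=my%5Fsimple%5Fform HTTP/1.1" 200 48213 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [07/Jan/2026:10:01:00 +0000] "POST /wp-admin/admin-post.php HTTP/1.1" 200 48213 "https://example.test/" "Mozilla/5.0"',
    '198.51.100.8 - - [07/Jan/2026:10:02:00 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 120 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [07/Jan/2026:10:03:00 +0000] "GET /wp-login.php HTTP/1.1" 200 3000 "-" "Mozilla/5.0"',
);

foreach ( rnd_find_export_requests( $sample ) as $hit ) {
    printf( "%s %s %s action=%s status=%d bytes=%s\n",
        $hit['time'], $hit['ip'], $hit['method'], $hit['action'], $hit['status'], $hit['bytes'] );
}
```

To run it over a real log, replace `$sample` with `file( '/path/to/access.log', FILE_IGNORE_NEW_LINES )`. A 200 response with a large byte count to an anonymous GET of admin-post.php is the strongest single indicator; the heartbeat and login lines show that requests to other endpoints with an `action` parameter are left alone.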
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include:

1. Update the Latest Registered Users plugin to a version that fixes the vulnerability, if available.
2. If no patch is available, disable or remove the plugin to prevent unauthorized data export.
3. Restrict access to the admin-post.php endpoint with the 'action=my_simple_form' and 'action=nopriv_my_simple_form' parameters by implementing access controls such as IP whitelisting or authentication checks.
4. Monitor logs for suspicious export attempts and block offending IPs.
5. Review and tighten WordPress user permissions and capabilities to ensure only authorized users can access export functionality.

These steps help prevent unauthenticated attackers from exploiting the missing authorization and nonce validation in the plugin's export feature. [3]
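An added example, not the plugin's source: the shape of an admin_post handler that performs neither check, as a hypothetical reconstruction of the pattern the advisory describes, followed by a hardened version that registers only the authenticated hook, requires the `list_users` capability, verifies a nonce with `check_admin_referer()`, and exports a limited column set. The function name `rnd_handle_form_submit` and the action `my_simple_form` come from the record; `rnd_stream_users_csv`, `rnd_render_export_form`, the nonce action `rnd_export_users`, the nonce field `rnd_export_nonce` and the text domain `rnd` are assumptions. The capability check is what step 5 above (only authorized users can reach the export) looks like in code, and dropping the `admin_post_nopriv_` registration removes the unauthenticated path entirely.

```php
<?php
// Added example, not the plugin's source. rnd_handle_form_submit and the action
// my_simple_form come from the advisory; every other name here is hypothetical.

// --- Vulnerable pattern (reconstruction of what the advisory describes) ---
// Both hooks fire for ?action=my_simple_form: the first for logged-in users,
// the nopriv_ one for visitors with no session at all.
//   add_action( 'admin_post_my_simple_form',        'rnd_handle_form_submit' );
//   add_action( 'admin_post_nopriv_my_simple_form', 'rnd_handle_form_submit' );
function rnd_handle_form_submit_vulnerable() {
    // No current_user_can() and no check_admin_referer(): any request that
    // reaches this function receives the CSV.
    rnd_stream_users_csv();
}

// --- Hardened version ---
// Only the authenticated hook is registered. There is deliberately no
// admin_post_nopriv_ hook: a user export has no legitimate anonymous caller.
add_action( 'admin_post_my_simple_form', 'rnd_handle_form_submit_hardened' );

function rnd_handle_form_submit_hardened() {
    // 1. Authorization (the CWE-862 fix): restrict the export to users who may
    //    list users, which is Administrators by default.
    if ( ! current_user_can( 'list_users' ) ) {
        wp_die( esc_html__( 'You are not allowed to export users.', 'rnd' ), 403 );
    }

    // 2. CSRF protection: require the nonce emitted by wp_nonce_field() in
    //    rnd_render_export_form(). check_admin_referer() dies on failure.
    check_admin_referer( 'rnd_export_users', 'rnd_export_nonce' );

    // 3. Accept only the POST the form sends; a bookmarkable GET with the nonce
    //    in the URL is easier to leak through referrers and logs.
    if ( 'POST' !== ( $_SERVER['REQUEST_METHOD'] ?? '' ) ) {
        wp_die( esc_html__( 'Method not allowed.', 'rnd' ), 405 );
    }

    rnd_stream_users_csv();
}

// Form that an admin screen renders: the hidden "action" field selects the
// admin_post_ hook and the nonce field ties the submission to this form.
function rnd_render_export_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="my_simple_form">
        <?php wp_nonce_field( 'rnd_export_users', 'rnd_export_nonce' ); ?>
        <?php submit_button( __( 'Export users as CSV', 'rnd' ) ); ?>
    </form>
    <?php
}

// Stream a CSV of a fixed, minimal column set. Passing 'fields' to get_users()
// keeps password hashes and other columns out of the query result entirely.
function rnd_stream_users_csv() {
    $columns = array( 'ID', 'user_login', 'user_email', 'user_registered' );
    $users   = get_users( array( 'fields' => $columns ) );

    nocache_headers();
    header( 'Content-Type: text/csv; charset=utf-8' );
    header( 'Content-Disposition: attachment; filename="users.csv"' );

    $out = fopen( 'php://output', 'w' );
    fputcsv( $out, $columns );
    foreach ( $users as $user ) {
        fputcsv( $out, array( $user->ID, $user->user_login, $user->user_email, $user->user_registered ) );
    }
    fclose( $out );
    exit;
}
```

The order of the two checks matters little for correctness, but keeping the capability check first means an anonymous request is refused before any nonce processing runs. The nonce alone is not an authorization control: a valid nonce only proves the request came from a form WordPress rendered for that user, which is why both checks are needed.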