CVE-2025-14996
Privilege Escalation in AS Password Field Plugin via Account Takeover

Publication date: 2026-01-06

Last updated on: 2026-01-06

Assigner: Wordfence

Description
The AS Password Field In Default Registration Form plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.0.0. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary users' passwords, including administrators', and leverage that to gain access to their accounts.
Meta Information
Published: 2026-01-06
Last Modified: 2026-01-06
Generated: 2026-05-07
AI Q&A: 2026-01-06
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Vendor: akshar_soft_solutions
Product: as_password_field_in_default_registration_form
Version / Range: up to 2.0.0 (inclusive)
CWE-639: The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the AS Password Field In Default Registration Form WordPress plugin up to version 2.0.0. It allows unauthenticated attackers to escalate privileges by taking over accounts. The plugin adds a password field to the registration form and overrides the default random password generation with the user-supplied password without properly validating the user's identity before allowing password updates. This flaw enables attackers to change any user's password, including administrators, thereby gaining unauthorized access to those accounts. [1]


How can this vulnerability impact me?

The vulnerability can have severe impacts as it allows attackers to change passwords of arbitrary users without authentication. This includes administrator accounts, which means attackers can gain full control over the affected WordPress site. Such unauthorized access can lead to data breaches, site defacement, loss of data integrity, and potential further exploitation of the compromised system. [1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection can focus on monitoring HTTP POST requests to the WordPress registration endpoint that include the parameter 'as_user_password'. Inspecting web server logs or using tools like curl or wget to simulate registration attempts with this parameter may help identify exploitation attempts. For example, a command to test might be: curl -X POST -d "user_login=testuser&[email protected]&as_user_password=Password123" https://yourwordpresssite.com/wp-login.php?action=register. Additionally, reviewing user password changes without proper authentication could indicate exploitation. [1]
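The log check described above, as an added example that is not part of the advisory or the plugin: it flags registration POSTs whose body carries the as_user_password field and reports sources that do so repeatedly. It assumes a body-logging format (web server or WAF audit log) in which the request body follows the status code; the log lines below are constructed.

```python
"""Flag registration POSTs that carry the plugin's as_user_password field."""
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines: ip, method, path, status, then the request body.
# Standard combined logs omit bodies, so a body-logging format is assumed.
SAMPLE_LOG = """\
203.0.113.10 POST /wp-login.php?action=register 302 user_login=alice&as_user_password=Hunter2%21
198.51.100.7 GET /wp-login.php?action=register 200 -
203.0.113.10 POST /wp-login.php?action=register 302 user_login=admin&as_user_password=Pwned123
192.0.2.44 POST /wp-login.php 200 log=bob&pwd=secret
203.0.113.10 POST /wp-login.php?action=register 302 user_login=editor&as_user_password=Pwned123
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d{3}) (.*)$")


def suspicious_registrations(log_text):
    """Return (ip, user_login) for registration POSTs that set as_user_password."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, method, target, _status, body = m.groups()
        url = urlsplit(target)
        # Only the WordPress registration endpoint is of interest here.
        if method != "POST" or url.path != "/wp-login.php":
            continue
        if parse_qs(url.query).get("action") != ["register"]:
            continue
        params = parse_qs(body)
        if "as_user_password" in params:
            hits.append((ip, params.get("user_login", ["?"])[0]))
    return hits


def repeat_offenders(hits, threshold=2):
    """Source IPs that set the password field on at least `threshold` registrations."""
    counts = Counter(ip for ip, _ in hits)
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    found = suspicious_registrations(SAMPLE_LOG)
    for ip, login in found:
        print(f"registration with as_user_password from {ip} for user_login={login}")
    print("repeat sources:", repeat_offenders(found))
```

Pair the hits with WordPress's own user records: a flagged user_login that already exists should be reviewed for an unexpected password change.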


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include updating or removing the vulnerable 'AS Password Field In Default Registration Form' plugin if an update fixing the issue is available. If no patch exists, disable or uninstall the plugin to prevent exploitation. Additionally, monitor user accounts for unauthorized password changes and enforce strong password policies through other means. Restricting registration or adding additional validation layers can also help reduce risk until a fix is applied. [1]

