How severe is CVE-2025-3282?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2025-3282?

This is classified as CWE-639, which is a common weakness in software security.

CVE-2025-3282 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.3 via the user_registration_membership_register_member() due to missing validation on the 'membership_id' user controlled key. This makes it possible for unauthenticated attackers to update any user's membership to any other active or non-active membership type.

Related Vulnerabilities

CVE-2018-10211

MEDIUM

CVSS:5.3(Medium)

An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is improper authorization when listing the history of another user via a modified "vaultize_session_id" value in a cookie.

CWE-6392018

CVE-2018-18976

MEDIUM

CVSS:5.3(Medium)

An issue was discovered in the Ascensia Contour NEXT ONE application for iOS and Android before 2019-01-15. An attacker may retrieve encrypted medical information of any user of the Ascensia cloud pla...

CWE-6392018

CVE-2019-15581

MEDIUM

CVSS:5.3(Medium)

An IDOR exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a project owner or maintainer to see the members of any private group via...

CWE-6392019

CVE-2019-15582

MEDIUM

CVSS:5.3(Medium)

An IDOR was discovered in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a maintainer to add any private group to a protected environment.

CWE-6392019

CVE-2019-7864

MEDIUM

CVSS:5.3(Medium)

An insecure direct object reference (IDOR) vulnerability exists in the RSS feeds of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can lead to unauthorized a...

CWE-6392019

CVE-2019-9170

MEDIUM

CVSS:5.3(Medium)

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control.

CWE-6392019