CVE-2025-10038
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Description
The Binary MLM Plan plugin for WordPress is vulnerable to limited Privilege Escalation in all versions up to, and including, 3.0. This is due to the bmp_user role granting all users the manage_bmp capability by default upon registration through the plugin's form. This makes it possible for unauthenticated attackers to register and manage the plugin's settings.
Analysis
The Binary MLM Plan plugin for WordPress, in versions up to and including 3.0, grants the manage_bmp capability to every user who registers through the plugin's form, so an unauthenticated attacker can register and immediately escalate to managing the plugin's settings. The privilege escalation affects every installation with the vulnerable plugin active; the CVSS 3.1 score of 6.5 reflects moderate confidentiality and integrity impact (C:L/I:L) with no availability impact. No public exploit code or active exploitation had been confirmed at the time of analysis.
Technical Context
The vulnerability stems from improper privilege management during user registration (CWE-266: Improper Privilege Assignment). The Binary MLM Plan plugin defines a custom WordPress role, bmp_user, that carries the manage_bmp capability by default, and it assigns this role to any user who registers through the plugin's registration form. In WordPress, management capabilities of this kind are normally reserved for administrator-level roles; here they are granted to newly registered, otherwise untrusted accounts automatically. The affected code paths include the role assignment logic in class-bmp-admin-menus.php and the hook functions in bmp-hook-functions.php, as evidenced by the changeset comparisons between version 3.0 and version 5.0. The vulnerability affects the Binary MLM Plan plugin in all versions up to and including 3.0; the affected product is identified by the CPE entry wordpress#binary-mlm-plan.
Affected Products
The Binary MLM Plan plugin for WordPress is affected in all versions up to and including version 3.0. The vendor released a patched version 5.0, as evidenced by the changeset comparisons provided by the WordPress plugins repository. Affected installations can be identified by the presence of the binary-mlm-plan plugin with a version number less than or equal to 3.0 in their WordPress plugin directory. The plugin's public repository is available at https://wordpress.org/plugins/binary-mlm-plan/.
Remediation
The primary remediation is to upgrade the Binary MLM Plan plugin to version 5.0 or later, which contains fixes to the role assignment logic and removes the automatic grant of manage_bmp capability upon registration. Site administrators should immediately visit their WordPress admin dashboard, navigate to Plugins, and update the Binary MLM Plan plugin to the latest available version. If immediate patching is not feasible, administrators should disable the plugin's registration form or restrict access to the plugin's settings pages using alternative authentication mechanisms until an upgrade is completed. For additional details and confirmation of the patch, refer to the official plugin repository and the Wordfence vulnerability advisory at https://www.wordfence.com/threat-intel/vulnerabilities/id/7951c8e4-b610-4cc4-ab27-4cfa78d72302.
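As an interim hardening step for sites that cannot upgrade immediately, the following must-use plugin strips the manage_bmp capability from the bmp_user role and additionally denies it at check time to any non-administrator. This is an added example written for this advisory, not code from the Binary MLM Plan plugin; it assumes the role and capability names given above (bmp_user, manage_bmp) and uses only standard WordPress APIs (get_role, WP_Role::remove_cap, the user_has_cap filter).

```php
<?php
/**
 * Plugin Name: BMP manage_bmp mitigation (added example, not the plugin's own code)
 * Description: Interim hardening for CVE-2025-10038 until Binary MLM Plan is upgraded past 3.0.
 * Place this file in wp-content/mu-plugins/ so it loads on every request before regular plugins.
 */

// Assumption: role and capability names match the advisory text.
const BMP_MITIGATION_ROLE = 'bmp_user';
const BMP_MITIGATION_CAP  = 'manage_bmp';

/**
 * Remove manage_bmp from the stored bmp_user role definition.
 * WP_Role::remove_cap() persists the change to the wp_user_roles option,
 * so after the first request the has_cap() check is a no-op.
 */
function bmp_mitigation_strip_role_cap(): void {
    $role = get_role( BMP_MITIGATION_ROLE );
    if ( $role instanceof WP_Role && $role->has_cap( BMP_MITIGATION_CAP ) ) {
        $role->remove_cap( BMP_MITIGATION_CAP );
    }
}
// Priority 1 so this runs before the plugin's own init-time handlers.
add_action( 'init', 'bmp_mitigation_strip_role_cap', 1 );

/**
 * Defence in depth: even if the capability is re-granted elsewhere (e.g. on
 * plugin re-activation), deny manage_bmp to anyone who is not an administrator.
 * user_has_cap is consulted by every current_user_can() call in WordPress.
 */
function bmp_mitigation_filter_caps( array $allcaps, array $caps, array $args, WP_User $user ): array {
    $is_admin = in_array( 'administrator', (array) $user->roles, true );
    if ( isset( $allcaps[ BMP_MITIGATION_CAP ] ) && ! $is_admin ) {
        unset( $allcaps[ BMP_MITIGATION_CAP ] );
    }
    return $allcaps;
}
add_filter( 'user_has_cap', 'bmp_mitigation_filter_caps', 10, 4 );
```

Accounts that registered through the plugin's form while the vulnerable version was active should still be reviewed, since the role change does not undo settings they may already have altered.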