The YourMembership Single Sign On – YM SSO Login plugin for WordPress, developed by cyberlord92, suffers from a missing authorization check vulnerability identified as CVE-2025-10648 (CWE-862: Missing Authorization). This vulnerability exists in all versions up to and including 1.1.7. Specifically, the function 'moym_display_test_attributes' lacks a capability check, which means that any unauthenticated attacker can invoke this function remotely and retrieve profile data related to the latest SSO login. The vulnerability does not require any privileges or user interaction, making it trivially exploitable over the network. The exposed data is limited to profile information, which may include personally identifiable information or other sensitive user attributes depending on the plugin's configuration and usage. However, the vulnerability does not allow modification or deletion of data, nor does it impact system availability. No patches or updates have been linked yet, and no known exploits have been observed in the wild as of the publication date. The CVSS v3.1 base score is 5.3, reflecting a medium severity due to the ease of exploitation combined with limited confidentiality impact. The vulnerability highlights the importance of proper authorization checks in WordPress plugins, especially those handling authentication and user data.

The primary impact of CVE-2025-10648 is unauthorized disclosure of user profile data from the YourMembership SSO plugin. Organizations using this plugin expose their users' personal information to unauthenticated attackers, which can lead to privacy violations, reputational damage, and potential regulatory non-compliance (e.g., GDPR). While the vulnerability does not allow data modification or service disruption, the leakage of profile data can facilitate further attacks such as social engineering, phishing, or targeted credential stuffing. Membership-based websites, professional associations, and community portals relying on this plugin are particularly vulnerable. The medium CVSS score reflects that while the impact is limited to confidentiality, the ease of exploitation and lack of authentication requirements increase risk. The absence of known exploits in the wild suggests limited active exploitation currently, but the vulnerability should be treated seriously given the sensitive nature of membership data and the widespread use of WordPress globally.

To mitigate CVE-2025-10648, organizations should first check for any official patches or updates from the plugin developer and apply them promptly once available. In the absence of a patch, administrators should consider disabling or uninstalling the YourMembership Single Sign On – YM SSO Login plugin to eliminate exposure. As an interim measure, implement web application firewall (WAF) rules to block or restrict access to the vulnerable 'moym_display_test_attributes' function or related endpoints. Review and tighten WordPress user role permissions and capabilities to minimize unnecessary access. Monitor web server logs for suspicious requests targeting the plugin's functions. Additionally, conduct an audit of exposed user data to assess potential leakage and notify affected users if necessary. Finally, consider alternative SSO solutions with verified security postures to replace the vulnerable plugin.