The YourMembership Single Sign On – YM SSO Login plugin for WordPress suffers from a missing authorization check vulnerability (CWE-862) identified as CVE-2025-10648. Specifically, the function 'moym_display_test_attributes' lacks a capability check, which means that any unauthenticated user can invoke this function and retrieve profile data related to the latest SSO login. This vulnerability affects all plugin versions up to and including 1.1.7. The vulnerability is remotely exploitable without any authentication or user interaction, as indicated by the CVSS vector (AV:N/AC:L/PR:N/UI:N). The impact is limited to confidentiality, allowing attackers to read profile data but not modify it or disrupt service availability. The CVSS score of 5.3 reflects a medium severity level. No patches or fixes have been released at the time of publication, and no known exploits are reported in the wild. The vulnerability could be leveraged to gather sensitive user information, potentially aiding further targeted attacks or social engineering. The plugin is used in WordPress environments that implement Single Sign On for membership management, making it a critical component in organizations relying on seamless user authentication and profile management.

For European organizations, this vulnerability poses a risk of unauthorized disclosure of user profile data managed through the YourMembership SSO plugin. Such data leaks could compromise user privacy and violate data protection regulations like GDPR, leading to legal and reputational consequences. Organizations that rely on this plugin for membership authentication or user management may inadvertently expose sensitive user information to attackers. Although the vulnerability does not allow data modification or service disruption, the confidentiality breach can facilitate further attacks such as phishing or identity theft. The impact is particularly significant for sectors handling sensitive personal data, including education, non-profits, and membership-based services prevalent in Europe. The absence of authentication requirements and ease of exploitation increase the likelihood of opportunistic attacks. Additionally, the lack of patches means organizations must rely on interim mitigations until an official fix is available.

1. Monitor the plugin vendor's official channels for security updates and apply patches immediately once released. 2. Implement web application firewall (WAF) rules to restrict access to the vulnerable function or plugin endpoints, blocking unauthenticated requests attempting to invoke 'moym_display_test_attributes'. 3. Restrict access to the WordPress admin and plugin-related URLs using IP whitelisting or VPN access where feasible. 4. Conduct regular audits of user profile data exposure and logs to detect any unauthorized access attempts. 5. Consider disabling or replacing the YourMembership SSO plugin temporarily if critical until a patch is available. 6. Educate administrators and users about the risk of phishing or social engineering that could leverage leaked profile data. 7. Review and tighten WordPress user roles and capabilities to minimize unnecessary exposure of sensitive functions. 8. Employ network segmentation to isolate WordPress servers hosting the plugin from sensitive internal systems. These measures provide layered defense beyond generic advice and address the specific nature of this vulnerability.