CVE-2025-13313 is a critical security vulnerability in the dripadmin CRM Memberships plugin for WordPress, present in all versions up to and including 2.5. The root cause is a missing authorization and authentication check on the AJAX action ntzcrm_changepassword, which handles password reset requests. This flaw allows unauthenticated attackers to reset passwords for arbitrary users if they can obtain or enumerate the target user's email address. The plugin further exposes the ntzcrm_get_users endpoint without authentication, enabling attackers to enumerate subscriber email addresses easily. By chaining these weaknesses, an attacker can gain unauthorized access to user accounts, effectively escalating privileges without any authentication or user interaction. The vulnerability impacts confidentiality (unauthorized access to user accounts), integrity (password changes without consent), and availability (potential account lockout or misuse). The CVSS v3.1 base score is 9.8, reflecting its critical nature due to network attack vector, no required privileges or user interaction, and full impact on confidentiality, integrity, and availability. Although no exploits are currently known in the wild, the ease of exploitation and the severity of impact make this a high-risk vulnerability requiring immediate attention from site administrators and security teams.

The exploitation of CVE-2025-13313 can have severe consequences for organizations worldwide. Unauthorized password resets allow attackers to take over user accounts, potentially including administrative accounts if targeted, leading to full site compromise. This can result in data breaches exposing sensitive customer information, unauthorized transactions, defacement, or use of the site as a launchpad for further attacks. The ability to enumerate user emails facilitates targeted phishing or social engineering campaigns. For membership-based sites, this undermines user trust and can cause significant reputational damage. The vulnerability affects all sites running the vulnerable plugin versions, which may include e-commerce, subscription services, and community platforms. The broad impact on confidentiality, integrity, and availability, combined with the ease of exploitation, makes this a critical threat to affected organizations.

To mitigate this vulnerability, organizations should immediately update the dripadmin CRM Memberships plugin to a patched version once released by the vendor. Until a patch is available, administrators should consider disabling or restricting access to the vulnerable AJAX endpoints (ntzcrm_changepassword and ntzcrm_get_users) via web application firewall (WAF) rules or server-level access controls to prevent unauthenticated access. Implementing strict authentication and authorization checks on these endpoints is essential. Monitoring logs for unusual password reset requests or access to these endpoints can help detect exploitation attempts. Additionally, enforcing multi-factor authentication (MFA) for user accounts can reduce the risk of account takeover even if passwords are reset. Regularly auditing installed plugins and minimizing the use of unnecessary or untrusted plugins can reduce attack surface. Finally, educating users about phishing risks and encouraging strong, unique passwords can help mitigate downstream impacts.