CVE-2025-13540: CWE-269 Improper Privilege Management in Qode Interactive Tiare Membership
The Tiare Membership plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2. This is due to the 'tiare_membership_init_rest_api_register' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'administrator' role during registration and gain administrator access to the site.
AI Analysis
Technical Summary
CVE-2025-13540 affects the Tiare Membership plugin for WordPress, developed by Qode Interactive. The root cause is improper privilege management (CWE-269) in the 'tiare_membership_init_rest_api_register' function, which registers the plugin's REST API route for creating user accounts. The registration handler accepts a role supplied by the client instead of fixing the role server-side, so an unauthenticated attacker who sends a registration request with the role set to 'administrator' receives an account with full administrative privileges. No credentials, existing account or user interaction are needed: the registration endpoint is public by design, so the only missing control is the role check. All versions up to and including 1.2 are affected. The CVSS v3.1 base score is 9.8 (critical): network attack vector, low attack complexity, no privileges required, no user interaction, and high impact on confidentiality, integrity and availability. An administrator account means complete site takeover: content changes, installation of malicious plugins or themes (which on a default install means arbitrary PHP execution on the host), data exfiltration and disruption of service. At the time of this analysis no patch had been published and no in-the-wild exploitation had been observed, but the flaw needs nothing more than a single crafted HTTP request, so it should be treated as a high-priority issue for any site running the plugin.
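The flaw class described above, shown as an added illustration that is not the Tiare Membership plugin's code: a WordPress REST registration callback that hands a client-supplied role to wp_insert_user(), next to a hardened version that decides the role server-side. The route namespace ('example/v1'), the parameter names and the function names are assumptions for the example; the WordPress APIs used (register_rest_route, wp_insert_user, get_option, WP_Error) are real.

```php
<?php
// Added illustration of CWE-269 in a WordPress REST registration callback,
// next to a hardened version. This is NOT the Tiare Membership plugin's code:
// the namespace 'example/v1', the parameter names and the function names are
// assumptions made for the example.

// Vulnerable pattern: whatever role the client sends is passed to wp_insert_user().
// A POST body containing "role":"administrator" creates an administrator.
function example_vulnerable_register( WP_REST_Request $request ) {
    $user_id = wp_insert_user( array(
        'user_login' => sanitize_user( $request->get_param( 'username' ) ),
        'user_email' => sanitize_email( $request->get_param( 'email' ) ),
        'user_pass'  => $request->get_param( 'password' ),
        'role'       => $request->get_param( 'role' ), // client-controlled
    ) );
    if ( is_wp_error( $user_id ) ) {
        return $user_id;
    }
    return rest_ensure_response( array( 'id' => $user_id ) );
}

// Hardened pattern: the server decides the role and the client has no say.
function example_hardened_register( WP_REST_Request $request ) {
    // Respect the site-wide "Anyone can register" switch; a public endpoint
    // must not be a second registration path that ignores it.
    if ( ! get_option( 'users_can_register' ) ) {
        return new WP_Error( 'registration_closed', 'Registration is disabled.', array( 'status' => 403 ) );
    }

    // Any role in the request is evidence of tampering: log it, then ignore it.
    if ( null !== $request->get_param( 'role' ) ) {
        error_log( 'example_register: client-supplied role ignored, remote=' . ( $_SERVER['REMOTE_ADDR'] ?? 'unknown' ) );
    }

    // Server-side choice: the configured default role, pinned to a
    // non-privileged allow-list so a misconfigured default_role cannot reopen the hole.
    $allowed = array( 'subscriber' );
    $role    = get_option( 'default_role', 'subscriber' );
    if ( ! in_array( $role, $allowed, true ) ) {
        $role = 'subscriber';
    }

    $user_id = wp_insert_user( array(
        'user_login' => sanitize_user( $request->get_param( 'username' ), true ), // strict: [a-z0-9 _.@-]
        'user_email' => sanitize_email( $request->get_param( 'email' ) ),
        'user_pass'  => $request->get_param( 'password' ),
        'role'       => $role,
    ) );
    if ( is_wp_error( $user_id ) ) {
        return $user_id;
    }
    return rest_ensure_response( array( 'id' => $user_id, 'role' => $role ) );
}

add_action( 'rest_api_init', function () {
    register_rest_route( 'example/v1', '/register', array(
        'methods'             => WP_REST_Server::CREATABLE,
        'callback'            => 'example_hardened_register',
        // Public by design: registration is unauthenticated, so the security
        // boundary is the role assignment inside the callback, not this check.
        'permission_callback' => '__return_true',
        'args'                => array(
            'username' => array( 'required' => true, 'type' => 'string' ),
            'email'    => array( 'required' => true, 'type' => 'string', 'format' => 'email' ),
            'password' => array( 'required' => true, 'type' => 'string' ),
            // 'role' is deliberately not declared. Undeclared parameters still
            // arrive in $request, which is why the callback never reads it.
        ),
    ) );
} );
```

To check a fix of this shape, send a registration request to the route with "role":"administrator" in the JSON body and confirm that the account that comes back is a subscriber and that the attempt was logged; if the request succeeds with an administrator role, the client still controls privilege assignment.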
Potential Impact
For European organizations, the impact of this vulnerability is severe. An attacker-created administrator account gives full control of the site: content can be altered, sensitive data stolen, malware or phishing pages deployed, and business operations disrupted. Organizations relying on WordPress for e-commerce, customer portals or internal communications are particularly at risk. Exposure of personal data protected under GDPR can bring regulatory penalties and reputational damage; loss of integrity undermines trust in the organization's digital presence, and loss of availability can disrupt critical services. Given the widespread use of WordPress across Europe, especially among small and medium enterprises, broad exploitation is plausible. Compromised sites can also serve as footholds for further intrusion into connected systems or as infrastructure for phishing campaigns aimed at European users.
Mitigation Recommendations
Immediate mitigation is to deactivate and remove the Tiare Membership plugin until Qode Interactive ships a fixed version; watch the vendor's release channels and the plugin listing for an update. If the plugin must stay active, block the plugin's registration route at the web server or WAF rather than the whole REST API: WordPress core, the block editor and many integrations depend on /wp-json/, so a blanket block breaks the site without closing the hole any better. A WAF rule should deny any request to that route that carries a role parameter at all (in a JSON body as well as form-encoded), not only the literal value 'administrator', since editor or custom privileged roles would also give an attacker a foothold. Audit the user table now and on a schedule: list every account with administrator-level capabilities, compare it with the known list, and check each account's registration date. An unexpected administrator is an indicator of compromise, not merely a stray account: before deleting it, review installed plugins and themes, uploaded files and scheduled tasks for backdoors, then remove the account, rotate credentials and the authentication salts in wp-config.php, and invalidate all sessions. Multi-factor authentication on existing administrator accounts remains good practice, but it does not mitigate this flaw: the attacker creates a new account with credentials of their choosing, so any MFA enrolment would be the attacker's own. Keep tested backups, have an incident response plan ready, and watch threat intelligence feeds for exploitation of this CVE.
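The administrator audit recommended above, as an added example that is not part of WordPress, WP-CLI or the plugin: a script run with WP-CLI's `wp eval-file` that lists every account able to manage the site and flags those registered after a cutoff. The cutoff date and the file name audit-admins.php are assumptions; set the date to the last time the administrator list was verified or to when the plugin was installed.

```php
<?php
// Added audit script, not part of WordPress or the plugin. Run from the site
// root with WP-CLI:  wp eval-file audit-admins.php
// Lists every account that can manage the site and flags those registered
// after a cutoff you trust. The date below is an assumption for the example.

$cutoff = new DateTimeImmutable( '2025-11-01 00:00:00', new DateTimeZone( 'UTC' ) );

// Test the capability rather than the role name: administrator-level rights
// can also come from a custom role or an edited capability map, in which case
// 'administrator' never appears in $user->roles.
$flagged = array();
foreach ( get_users( array( 'fields' => 'all' ) ) as $user ) {
    if ( ! user_can( $user, 'manage_options' ) ) {
        continue;
    }

    // wp_users.user_registered is stored in UTC.
    $registered = new DateTimeImmutable( $user->user_registered, new DateTimeZone( 'UTC' ) );
    $recent     = $registered >= $cutoff;

    // Login sessions live in user meta; a brand-new administrator that already
    // has live sessions is being used, not merely parked.
    $sessions = WP_Session_Tokens::get_instance( $user->ID )->get_all();

    WP_CLI::log( sprintf(
        '%s id=%-4d %-20s %-32s registered=%s roles=%s sessions=%d',
        $recent ? '!!' : '  ',
        $user->ID,
        $user->user_login,
        $user->user_email,
        $user->user_registered,
        implode( ',', $user->roles ),
        count( $sessions )
    ) );

    if ( $recent ) {
        $flagged[] = $user;
    }
}

if ( $flagged ) {
    WP_CLI::warning( count( $flagged ) . ' administrator-level account(s) registered after ' . $cutoff->format( DATE_ATOM ) );
    WP_CLI::log( 'Treat each as a compromise indicator: review installed plugins and themes, '
        . 'uploads and scheduled tasks for backdoors before removing the account with '
        . '`wp user delete <id> --reassign=<trusted-admin-id>`, then rotate credentials and salts.' );
} else {
    WP_CLI::success( 'No administrator-level accounts registered after the cutoff.' );
}
```

Because user_registered is only set when the row is created, the script cannot see an existing low-privilege account that was later promoted; for that, compare the output against a known-good list of administrators each time it runs rather than relying on the date alone.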
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Spain, Poland, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: Wordfence
- Date Reserved: 2025-11-22T06:08:44.380Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6927d764d4a4bdffcb26cfdf
Added to database: 11/27/2025, 4:45:24 AM
Last enriched: 12/4/2025, 5:25:20 AM
Last updated: 1/11/2026, 12:46:56 PM
Views: 478