CVE-2025-3281: CWE-639 Authorization Bypass Through User-Controlled Key in wpeverest User Registration & Membership – Custom Registration Form, Login Form, and User Profile
The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.1 via the create_stripe_subscription() function, due to missing validation on the user-controlled 'member_id' key. This makes it possible for unauthenticated attackers to delete arbitrary user accounts that have registered through the plugin.
AI Analysis
Technical Summary
CVE-2025-3281 is an authorization bypass vulnerability categorized under CWE-639 (Authorization Bypass Through User-Controlled Key) affecting the wpeverest User Registration & Membership plugin for WordPress. The vulnerability exists in all versions up to 4.2.1 within the create_stripe_subscription() function, where the 'member_id' parameter is taken from user input without proper validation. This insecure direct object reference allows unauthenticated attackers to specify arbitrary user IDs to delete accounts registered through the plugin. Since the function lacks checks to verify the requester's authorization or ownership of the targeted user account, attackers can exploit this flaw remotely over the network without authentication or user interaction. The vulnerability compromises the integrity of user accounts by enabling unauthorized deletions but does not expose sensitive data or cause denial of service. No patches or exploit code are currently publicly available, but the risk remains significant due to the ease of exploitation and the critical nature of user account integrity in membership systems. The CVSS 3.1 base score of 5.3 reflects network attack vector, low attack complexity, no privileges required, no user interaction, unchanged scope, no confidentiality or availability impact, and limited integrity impact.
Potential Impact
This vulnerability allows attackers to delete arbitrary user accounts without authentication, directly impacting the integrity of user data and membership records. Organizations relying on the affected plugin risk unauthorized account removals, which can disrupt user access, cause loss of user-generated content or membership status, and damage trust in the platform. While confidentiality and availability are not directly impacted, the unauthorized deletion of accounts can lead to operational disruptions, increased support costs, and potential reputational damage. Attackers could target high-value accounts or perform mass deletions to cause significant disruption. The ease of exploitation and lack of required privileges increase the likelihood of attacks, especially on websites with large user bases or critical membership functions. The absence of known exploits in the wild suggests limited current exploitation but does not diminish the urgency for remediation given the potential damage.
Mitigation Recommendations
1. Immediately apply any official patches or updates released by wpeverest addressing this vulnerability.
2. If patches are not yet available, implement web application firewall (WAF) rules to detect and block requests containing suspicious or unexpected 'member_id' parameters in calls to create_stripe_subscription() or related endpoints.
3. Enforce strict server-side validation and authorization checks to ensure that any operation on user accounts verifies the requester's identity and permissions before proceeding.
4. Monitor logs for unusual account deletion activity, especially from unauthenticated sources, and establish alerting mechanisms.
5. Limit exposure of the vulnerable plugin’s endpoints by restricting access via IP whitelisting or requiring authentication where feasible.
6. Educate site administrators about the risk and encourage regular backups of user data to enable recovery from unauthorized deletions.
7. Conduct security audits of other plugins and custom code to identify similar insecure direct object references or authorization bypass issues.
8. Consider temporarily disabling the plugin or its vulnerable features if immediate patching is not possible and the risk is deemed high.
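As an added illustration of recommendation 3, the following constructed WordPress AJAX handler (example code, not the plugin's own create_stripe_subscription() implementation) shows the CWE-639 shape, where a client-supplied member_id is acted on without any check, next to a hardened handler that derives the subject from the session, requires a nonce, and only honours a foreign ID for callers holding the delete_users capability. The hook names and the demo_ function names are assumptions made for this example.

```php
<?php
// Constructed example (not the plugin's code): a WordPress AJAX handler that
// removes a member account. The weak form trusts a client-supplied member_id;
// the hardened form binds the subject to the authenticated session.

// WEAK: registered for unauthenticated callers, and the target is whatever
// ID the request names (CWE-639 / IDOR). Any visitor can delete any member.
add_action( 'wp_ajax_nopriv_demo_delete_member', 'demo_delete_member_weak' );
function demo_delete_member_weak() {
    $member_id = absint( $_POST['member_id'] ?? 0 );
    require_once ABSPATH . 'wp-admin/includes/user.php';
    wp_delete_user( $member_id );   // no authentication, no ownership check
    wp_send_json_success();
}

// HARDENED: only logged-in users, bound to their own account, with a nonce.
// Note: no wp_ajax_nopriv_ hook is registered, so anonymous calls never reach it.
add_action( 'wp_ajax_demo_delete_member', 'demo_delete_member_hardened' );
function demo_delete_member_hardened() {
    // 1. Authentication: the caller must have a WordPress session.
    $current = get_current_user_id();
    if ( 0 === $current ) {
        wp_send_json_error( 'unauthenticated', 401 );
    }
    // 2. CSRF protection: the request must carry a nonce issued for this action
    //    (check_ajax_referer() terminates the request on failure).
    check_ajax_referer( 'demo_delete_member', 'nonce' );

    // 3. Authorization: the subject is the session user. A different ID in the
    //    request is honoured only for users who may delete other accounts.
    $requested = absint( $_POST['member_id'] ?? 0 );
    $target    = $current;
    if ( $requested && $requested !== $current ) {
        if ( ! current_user_can( 'delete_users' ) ) {
            wp_send_json_error( 'forbidden', 403 );
        }
        $target = $requested;
    }
    // 4. Audit trail for recommendation 4: record actor and target before acting.
    error_log( sprintf( 'member delete: actor=%d target=%d', $current, $target ) );
    require_once ABSPATH . 'wp-admin/includes/user.php';
    if ( ! wp_delete_user( $target ) ) {
        wp_send_json_error( 'delete_failed', 500 );
    }
    wp_send_json_success();
}
```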
Affected Countries
United States, India, Brazil, Germany, United Kingdom, Canada, Australia, France, Netherlands, Japan
Technical Details
- Data Version: 5.1
- Assigner Short Name: Wordfence
- Date Reserved: 2025-04-04T15:15:57.202Z
- CISA Enriched: true
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 682d981cc4522896dcbdaa82
Added to database: 5/21/2025, 9:08:44 AM
Last enriched: 2/27/2026, 1:26:48 PM
Last updated: 3/28/2026, 9:16:20 AM