Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Mentoring by dreamstechnologies

    CVE-2025-13618 (GCVE-0-2025-13618)

    Vulnerability from nvd – Published: 2026-05-05 02:26 – Updated: 2026-05-05 12:38
    VLAI
    Title
    Mentoring <= 1.2.8 - Unauthenticated Privilege Escalation in mentoring_process_registration
    Summary
    The Mentoring plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.2.8. This is due to the plugin not properly restricting the roles that users can register with in the mentoring_process_registration() function. This makes it possible for unauthenticated attackers to register with administrator-level user accounts.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    Impacted products
    Vendor Product Version
    dreamstechnologies Mentoring Affected: 0 , ≤ 1.2.8 (semver)
    Create a notification for this product.
    Credits
    Ismail Syaleh
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13618",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-05T12:38:11.102538Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-05T12:38:18.642Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Mentoring",
              "vendor": "dreamstechnologies",
              "versions": [
                {
                  "lessThanOrEqual": "1.2.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Ismail Syaleh"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Mentoring plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.2.8. This is due to the plugin not properly restricting the roles that users can register with in the mentoring_process_registration() function. This makes it possible for unauthenticated attackers to register with administrator-level user accounts."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-05T02:26:55.265Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7192fb4c-0434-4e11-a2a7-c205b8d6b68e?source=cve"
            },
            {
              "url": "https://themeforest.net/item/mentoring-education-wordpress-theme/36457081"
            },
            {
              "url": "https://mentoring-wp.dreamsmarketplace.com/documentation/changelog.html"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-04T13:32:59.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Mentoring \u003c= 1.2.8 - Unauthenticated Privilege Escalation in mentoring_process_registration"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2025-13618",
        "datePublished": "2026-05-05T02:26:55.265Z",
        "dateReserved": "2025-11-24T19:59:15.187Z",
        "dateUpdated": "2026-05-05T12:38:18.642Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13618 (GCVE-0-2025-13618)

    Vulnerability from cvelistv5 – Published: 2026-05-05 02:26 – Updated: 2026-05-05 12:38
    VLAI
    Title
    Mentoring <= 1.2.8 - Unauthenticated Privilege Escalation in mentoring_process_registration
    Summary
    The Mentoring plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.2.8. This is due to the plugin not properly restricting the roles that users can register with in the mentoring_process_registration() function. This makes it possible for unauthenticated attackers to register with administrator-level user accounts.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    Impacted products
    Vendor Product Version
    dreamstechnologies Mentoring Affected: 0 , ≤ 1.2.8 (semver)
    Create a notification for this product.
    Credits
    Ismail Syaleh
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13618",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-05T12:38:11.102538Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-05T12:38:18.642Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Mentoring",
              "vendor": "dreamstechnologies",
              "versions": [
                {
                  "lessThanOrEqual": "1.2.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Ismail Syaleh"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Mentoring plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.2.8. This is due to the plugin not properly restricting the roles that users can register with in the mentoring_process_registration() function. This makes it possible for unauthenticated attackers to register with administrator-level user accounts."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-05T02:26:55.265Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7192fb4c-0434-4e11-a2a7-c205b8d6b68e?source=cve"
            },
            {
              "url": "https://themeforest.net/item/mentoring-education-wordpress-theme/36457081"
            },
            {
              "url": "https://mentoring-wp.dreamsmarketplace.com/documentation/changelog.html"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-04T13:32:59.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Mentoring \u003c= 1.2.8 - Unauthenticated Privilege Escalation in mentoring_process_registration"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2025-13618",
        "datePublished": "2026-05-05T02:26:55.265Z",
        "dateReserved": "2025-11-24T19:59:15.187Z",
        "dateUpdated": "2026-05-05T12:38:18.642Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }