CVE-2025-14440 (GCVE-0-2025-14440)
Vulnerability from cvelistv5 – Published: 2025-12-13 04:31 – Updated: 2025-12-13 04:31
VLAI?
Summary
The JAY Login & Register plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.4.01. This is due to incorrect authentication checking in the 'jay_login_register_process_switch_back' function with the 'jay_login_register_process_switch_back' cookie value. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id.
Severity ?
9.8 (Critical)
CWE
- CWE-565 - Reliance on Cookies without Validation and Integrity Checking
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| jayarsiech | JAY Login & Register |
Affected:
* , ≤ 2.4.01
(semver)
|
Credits
Kenneth Dunn
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "JAY Login \u0026 Register",
"vendor": "jayarsiech",
"versions": [
{
"lessThanOrEqual": "2.4.01",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Kenneth Dunn"
}
],
"descriptions": [
{
"lang": "en",
"value": "The JAY Login \u0026 Register plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.4.01. This is due to incorrect authentication checking in the \u0027jay_login_register_process_switch_back\u0027 function with the \u0027jay_login_register_process_switch_back\u0027 cookie value. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-565",
"description": "CWE-565 Reliance on Cookies without Validation and Integrity Checking",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-13T04:31:30.111Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/928877a6-eeeb-4ed5-900b-9b1560e1bf87?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/jay-login-register/tags/2.4.01/includes/jay-login-register-user-switching.php#L98"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-12T16:06:15.000+00:00",
"value": "Disclosed"
}
],
"title": "JAY Login \u0026 Register \u003c= 2.4.01 - Authentication Bypass via Cookie"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-14440",
"datePublished": "2025-12-13T04:31:30.111Z",
"dateReserved": "2025-12-10T12:22:08.723Z",
"dateUpdated": "2025-12-13T04:31:30.111Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…