ByteOS Network

NVD Vulnerability Details :

CVE-2025-15100

Awaiting Analysis

Source-security@wordfence.com

Published At-08 Feb, 2026 | 02:15

Updated At-09 Feb, 2026 | 16:08

The JAY Login & Register plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.6.03. This is due to the plugin allowing a user to update arbitrary user meta through the 'jay_panel_ajax_update_profile' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Type: Primary

Version: 3.1

Base score: 8.8

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses

CWE ID	Type	Source
CWE-269	Primary	security@wordfence.com

CWE ID: CWE-269

Type: Primary

Source: security@wordfence.com

References

Hyperlink	Source	Resource
https://plugins.trac.wordpress.org/browser/jay-login-register/tags/2.6.01/includes/user-panel/jay-login-register-ajax-handler-user-panel.php#L624	security@wordfence.com	N/A
https://www.wordfence.com/threat-intel/vulnerabilities/id/fb900810-23a2-4920-a5e8-4388c4474de0?source=cve	security@wordfence.com	N/A

Hyperlink: https://plugins.trac.wordpress.org/browser/jay-login-register/tags/2.6.01/includes/user-panel/jay-login-register-ajax-handler-user-panel.php#L624

Source: security@wordfence.com

Resource: N/A

Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/fb900810-23a2-4920-a5e8-4388c4474de0?source=cve

Source: security@wordfence.com

Resource: N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History