CVE-2025-10038

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
15/10/2025
Last modified:
16/10/2025

Description

The Binary MLM Plan plugin for WordPress is vulnerable to limited Privilege Escalation in all versions up to, and including, 3.0. This is due to bmp_user role granting all users with the manage_bmp capability by default upon registration through the plugin's form. This makes it possible for unauthenticated attackers to register and manage the plugin's settings.