CVE-2025-1564 – SetSail Membership <= 1.0.3 - Authentication Bypass via Account Takeover

https://notcve.org/view.php?id=CVE-2025-1564

28 Feb 2025 — The SetSail Membership plugin for WordPress is vulnerable to in all versions up to, and including, 1.0.3. This is due to the plugin not properly verifying a users identity through the social login. This makes it possible for unauthenticated attackers to log in as any user, including administrators and take over access to their account. • https://themeforest.net/item/setsail-travel-agency-theme/22832625 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •